Businesses across the world are grappling with the nitty-gritties of the General Data Protection Regulation (GDPR) in the European Union. This law's impact on the data-driven advertisinglandscape in India is still to be seen but a version of it is necessary for the Indian market as well, say digital media experts. Indians in general are more lax about their data privacy and there is need for better laws to protect them, said digital media buyers and marketers. The community welcomes an overhaul of the existing data laws.
The law which will possibly serve as a blueprint for similar regulations in India is very much a need of the hour, say digital media buyers and marketers. Here’s what some had to say:
Roopak Saluja, Founder and CEO, The 120 Media Collective
India desperately needs its own version of GDPR. In general, there's too little enforceable and enforced regulation around data and privacy. We've become numb to the number of unwanted marketing calls we receive every day but if that isn't a telling sign we have a problem, I don't know what is.
That said, let's not forget all the benefits of personalization, customer experience and the like that come with sophisticated data mining and management. Have all the regulations you want but allow for data to be used for general benefit as long as methods like two-part encryption can be used to prevent data being ascribed to a particular individual.
Rajiv Dingra, Founder & CEO, WAT Consult
A version of GDPR is surely needed in India. The law in India should regulate the collection and use of customer data. Indian consumers should also have the option of opting to share data and give consent for receiving promotional content. Currently Indian users frequently receive unsolicited calls, e-mails and texts; this needs to stop.
The law in India may not have to be at the same as the one that is to be implemented in the European Union. For example, the penalty in the EU for a breach is 4 per cent of the company’s revenue, this can be customised to the Indian context because a huge number like that is unviable in India. The penalty need not be a factor of the revenue, it could instead be an increase in taxation for example.
Swati Rathi, Senior GM & Head Marketing, Godrej Appliances
India, being a country with over 34 per cent internet users and soon expected to reach 50 per cent of the population, data protection regulation is obviously relevant. Even Supreme Court had recently affirmed right to privacy as a fundamental right. Hence, addressing and safeguarding privacy-related interests of our citizens merits attention.
Considering the scale in India, we need to implement well defined, clear and most importantly ‘enforceable’ laws against privacy infringements by businesses and data gatherers. Our law enforcement agencies should be equipped to deal with compliance against such laws to ensure it is not lip service. At the same time, the law should be constructive in spirit and encourage businesses to comply with it.
Prasad Shejale, Co-Founder & CEO, Logicserve Digital
It is of paramount importance to have robust data protection laws like GDPR in India to continue using consumer data ethically and in the rightful way. The existing data protection laws in our country i.e. Information Technology Act 2000 (IT Act) and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 can definitely be augmented taking cues from some of the best practices from GDPR.
The awareness among Indians about the way their data is used by organisations and the need of data protection/ regulation is extremely low. Considering the exponential growth of the digital marketing industry and increasing usage of data by both consumers and brands, it becomes imperative to avoid any major fallout over misuse of data.
Data protection laws in India should take care of factors like educating users about their data protection and have clear and stricter definitions about terms like ‘sensitive data’, ‘personal information’, etc. We should also have stringent laws and penalties in case of deliberate misuse of data by organisations.
B Krishna Rao, Category Head, Parle Products
India needs GDPR sooner than later. With the advent of the digital life, importance of GDPR becomes extremely important. Every organisation (app owners, social media owners), individuals and public authority (banks, UID government bodies, etc) must use and process the personal data meant for the particular purpose with due consent of the individual. Further, there should be a provision on the lines of DND to market/publish/advertise sale by seek consent from the individuals.
Sahil Chopra, Founder CEO, iCubesWire
India too badly needs to have something similar as soon as feasible. Users’ data should and can only be shared with consent and the default settings should have no access/sharing. In India currently, there is nothing like user privacy or data protection, and at any/every touch point users are forced to declare all information, many a times without consent.
Suraj Nagappa, VP, Isobar India
Yes, we should realise that GDPR is about more than just data, to ensure continuity of business within the EU we have to accept GDPR and work towards compliance. Upholding customer trust in digital technology must be the heart of such a law. With constant cyber threats, staying secure in digital-first and cloud-first world is a huge task. Agencies should start involving various stakeholders such as customers, vendors, employees and third parties and determine GDPR requirements applicable to the organisation.