Can EU’s GDPR Really Bring Opportunities for Businesses in India?

By: Arun Balasubramanian, Managing Director, Qlik India

In 2016, the European Union passed the General Data Protection Regulation (GDPR), which is widely acknowledged as one of the broadest and most comprehensive regulatory frameworks ever drafted. In the two years that have passed, a series of extremely alarming data breaches from Equifax and Uber to Facebook and Cambridge Analytica have made it abundantly clear that there is a need for the industry to better protect the private data of users globally.

Companies across the world have been operating in the digital domain, collecting data from users across the world under what was a more permissive regulatory regime. But with the GDPR coming into effect on May 25, 2018, companies that inadequately safeguard private user data would face the possibility of punishing fines going up to USD 25 million or 4% of their global annual turnover.

Companies that are based in Europe, do business there, or gather any private data from EU citizens now have a strong incentive to revise their systems to ensure compliance. Since all websites, applications, and other company assets in the digital domain cannot adequately distinguish between users from one region or another, any company looking to avoid these fines will have to bring their systems into compliance. Regulatory frameworks with such a far-reaching impact often represent the first step in a massive paradigm shift in how industries operate. And where there is a tremendous change, there is potential.

The once-in-a-lifetime GDPR opportunity

GDPR is, indubitably, a challenging proposition for companies. In addition to making required changes to their processes and systems, becoming compliant would require organizations across the globe to understand and identify what personal data they have on their systems. They would have to ensure that the data is collected legitimately, stored securely, and accessible only under the right circumstances. Conducting such a comprehensive exercise, while laborious, could be an incredible business opportunity.

Industry sources peg the GDPR compliance market at anywhere between USD 3.5 to USD 9 billion, while other estimations project that just the Fortune’s Global 500 companies will spend roughly USD 7.8 billion on GDPR compliance. All kinds of technology-driven companies are now cashing in on the opportunity, looking to guide others towards being compliant as the deadline for implementation draws close. However, the larger opportunity rests in reassuring a new generation of digital natives about the ecosystem that they are stepping into. Companies that are compliant and proactively engaging with user concerns over privacy will fare better, creating an opportunity for those that comply sooner rather than later.

The long-term benefits of GDPR

As companies evaluate their systems for compliance, they will have to re-evaluate their entire digital architecture to ensure that customers are being informed about data collection, and that private data collected is kept as secure as possible. These sorts of ‘data audits’ can help companies minimize the amount of data they collect and hold, better organize their data-storage systems, and refine their data management process.

Several leading business intelligence and data analytics companies have already gotten ahead of their competition and become compliant, and are now bringing their data-wrangling and management expertise to help their customers transform their own systems. Engaging in this exercise will create leaner and more transparent data collection and use processes, which would reduce company liability while making customers feel more secure. Improved data management is an expected outcome of GDPR’s application within the global market.

Digital marketing is also expected to be indelibly changed once GDPR comes into effect, as promotional e-mails sent without the recipient’s prior consent fall afoul of the legislation’s diktat. As all marketing efforts must now be directed towards potential customers who have expressed some form of interest, marketing will become more targeted. Companies will have to innovate to get their messages across to consumers, and consumers will no longer have inboxes crawling with thousands of spam e-mails.

Finally, the biggest benefit of GDPR would be in its potential to be a reboot of how companies engage with their customers digitally. Users will now have more reason to trust the businesses they interact with online, and companies can use this opportunity to open their processes up to external scrutiny. To gather consent to use private data, companies will have to clearly and concisely explain how their data is handled, and how it is kept secure. They can choose to become leaders instead of compliant followers by highlighting that they do more to address the rising privacy concerns of their users, becoming the new USP and selling point to make a more compelling value proposition to their customers.

The world will soon be divided between those companies which prepared for the future and were more responsive to the world’s dynamic privacy concerns, and those that were unable to adjust to the demands of a new way of doing business. Those companies that look upon GDPR as a burden are more likely to belong to the latter.