Data Security Council of India (DSCI) and Deloitte Touché Tohmatsu India LLP (DTTILLP, or Deloitte) jointly conducted a survey to study the preparedness of organisations based in India with the requirements mandated by the European Union's (EU) General Data Protection Regulation (GDPR).The objective of this survey was to measure the GDPR readiness process and the overall alignment towards privacy of Indian organisations. The report details many aspects such as the awareness of the Indian organisations, how GDPR would be applicable to them, how they are preparing for it, what are few of the most prevalent leading practices used by Indian organisations to adhere with the requirements laid down by the regulation.
Almost one third of organisations who responded to the survey offer services and have presence in the EU. As compared to large Indian organisations (with employee count of more than 10,000), majority of Indian Small & Medium Enterprizes started their GDPR readiness journey towards late 2017. From sector perspective, IT/BPM, Health and E-commerce were identified as the frontrunners of the GDPR readiness journey. Based on the survey results it was identified that the primary driving factor for GDPR readiness was to avoid legal & contractual liabilities, fines & penalties followed by gaining a competitive advantage through GDPR compliance. Another related aspect thatwas identified was for organisations to have a dedicated privacy team with increase in privacy laws and regulations around the world. As an initial step towards adopting a privacy culture, organisations are looking to prioritize training and hiring the right privacy workforce to manage