Chief Information Security Officer, Nagarro
Any views expressed herein are not necessarily the views of CIPL nor Hunton Andrews Kurth LLP
Data Protection regulations will be central to establish rights of individuals and create responsibilities for enterprises which need to process data as part of their businesses and setting guidelines to facilitate compliance. It is expected that within the next few years, more than 65% of the world’s population would be protected by some data privacy law. Beyond regulatory compliance, we believe that ethical processing of personal data is going to be a critical element in corporate governance. Hence, we must enable trust and accommodate the expectations of individuals in a digital society. This should, however, be done by creating regulations that are interoperable at a global scale. Most organizations (including Indian companies) have a growing global footprint. Regulations that are not globally interoperable would only become business inhibitors and deterrents in the long run. This may also result in making compliance disproportionally expensive, creating significant overheads and overall, challenging to implement. This will be true even for organizations that do not process end-user data (unlike Google and Facebook) but do have subsidiaries and sister organizations across the globe. Interoperable standards would also ensure better security and compliance of data as organizations focus on a uniform technical architecture and compliance framework. This will ensure that personal data is processed and consumed in a responsible way to foster the digital society and economy, without compromising the fundamental rights of individuals – which is the core intent of all data protection regulations.