Suresh Kumar, Partner & CIO - Grant Thornton   

“New regulations and legislations are coming into effect across the globe impacting businesses. One of the major regulations related to Data privacy and security is the European Union’s General Data Protection Regulation (GDPR), which came into effect from May 25, 2018. A recent update about GDPR is UK’s Information Commissioner’s Office has imposed substantial fines on two large organizations for data breaches. Firstly, a fine of US $230 million on British Airways for a security incident that led to theft of customer data in September, 2018. Another fine of US $ 124 million has been imposed on Marriott International for a data breach at Starwood which it acquired in 2016. Both the penalties are very high and severely impacted these organizations.

In India, right to privacy is a fundamental right and it is necessary to protect personal data as an essential facet of informational privacy through“THE PERSONAL DATA PROTECTION BILL, 2018”. This regulation is very similar to GDPR and places great responsibility on businesses. Similar to GDPR, there are provisions of hefty penalties up to 2% of worldwide revenue of INR 5 Crores, whichever is higher.

Adherence to industry compliance regulations is increasing year-on-year. Regulations such as the PCI DSS, HIPPA for retailers/travel industry and healthcare organizations respectively require IT administrators to implement controls necessary to support their compliance framework.”