Press releases

India Inc envisages GDPR as the next big business opportunity: Deloitte-DSCI Study

  • 71% of survey respondents expressed that this regulation will help bring a sense of privacy in business and innovation in ideas.
  • IT/BPM, Health, Ecommerce, Manufacturing and Pharma led the GDPR readiness efforts
  • 58% of the respondents are of the view that Small & mid-size EU companies would open up for business possibilities to Indian organisations
  • Avoiding legal & contractual liabilities, fines & penalties (62%) and getting a competitive edge (60%) identified as key motivators for GDPR compliance
  • Right to Data Portability, Right to Erasure and Right to Restriction of Processing recognised as most challenging data subject rights

Mumbai, July 2nd 2018 :  71% Indian enterprises say Global Data Privacy Regulation (GDPR) will help bring a sense of privacy in business and innovation in ideas, according to a recent survey conducted by Deloitte Touche Tohmatsu India LLP (DTTILLP or Deloitte India or Deloitte) in alliance with Data Security Council of India (DSCI).

The joint study reaffirms, organizations that are GDPR ready will gain a competitive advantage, as they will be able to use personal data in their innovations and digitization, helping provide better delivery to their clients through the following measures:

  • Provide better customer experiences (60%)
  • Enhance productivity of internal operations (54%)
  • Personalization of product & services deliveries (47%)
  • Creation of new products and services (46%)

In addition, particularly small & mid-size EU companies would open up for business possibilities to Indian firms, given the ease of data transfer between organisations.

With respect to sectors, IT/BPM, Health, Ecommerce, Manufacturing and Pharma are  the five frontrunners of the GDPR readiness journey. 

Commenting on the survey launch Vishal Jain, Partner, Deloitte India said,” Digital transformation and advanced technologies have enabled enterprises to enhance customer experience. This requires a fair balance between data privacy and accessibility.

GDPR brings in a renewed focus to data privacy. While this is a new compliance imperative, it also provides a competitive advantage for businesses. Infact, our survey findings also infer that GDPR can be the new business opportunity for Indian firms.

The need of the hour for India Inc is to develop a strategic roadmap of adoption for this policy that is transparent and further allows them to build the next layer of customer trust."

Rama Vedashree, CEO, DSCI said “EU has been a key geography for Indian IT and has been servicing customers across several verticals including public sector.

Innovations in global services delivery models, best in class processes and standardization, attention to data protection has kept India’s IT growth story flying high. Scaling its people, process maturity and harnessing technology solutions for rigorous implementation has enabled driving conformance to data protection regulations in various geographies. Given EU GDPR, and impending India’s Data Protection Law, stepping up focus on Data protection practices and capability building, is a key imperative to satisfy expectations of customers and consumers

The joint survey from Deloitte and DSCI is an effort to analyse the current state of preparedness of Indian organizations basis the requirements mandated by the European Union’s (EU) General Data Protection Regulation (GDPR).

  • According to the survey in India, even as 28% of the small organizations are yet to initiate their journey towards GDPR,  71% of survey respondents expressed that this regulation will help bring a sense of privacy in business and innovation in ideas.
  • Out of the organizations that have taken action for GDPR readiness, 80% have conducted general awareness campaigns for all their relevant stakeholders to identify their processes, which access personal or sensitive data.
  • While Right to Data Portability, Right to Erasure and Right to Restriction of Processing were recognised as most challenging data subject rights, 62% of respondents felt avoiding legal & contractual liabilities, fines & penalties as the biggest motivator for compliance followed by the need to get a competitive edge.
  • The report also notes that IT/BPM sector was the most responsive sector in terms of taking any steps towards GDPR readiness with 84% of IT organizations having started readiness journey. This was followed by health and E-commerce sectors with 81% and 80% organizations respectively initiating their process.

As a step forward, this  survey  laid emphasis on the need for a dedicated privacy team and a Data Protection officer (DPO) as their absence may pose a problem for organizations once the regulations for data privacy of various countries broaden after the enforcement of GDPR. This team would set the ground for Data Protection Impact Assessment (DPIA) that would help organizations identify, assess, and mitigate or minimize privacy risks with data processing activities.

Furthermore, it suggest that it is important for Indian organizations, especially Business Process Management (BPM) organizations, call centres and Business Process Outsourcing (BPO) organizations, to assess their role under GDPR as that of a Data Controller (DC), Data processor (DP) or both, since regulatory requirements for a Data Controller may vary from those for a Data Processor.

About the Survey

DSCI and Deloitte India, have conducted this survey. The results of this survey are based on responses, representing small to large sized organizations and diverse sectors such as Information Technology (IT)/Business Process Management (BPM), Banking Financial Services and Insurance (BFSI), Telecommunications, Manufacturing, Pharmaceuticals, Healthcare, and Oil & Energy.

Notes to the editor for reference purposes only

This press release has been issued by Deloitte India & DSCI.

Deloitte India herein refers to Deloitte Touche Tohmatsu Limited.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see for a more detailed description of DTTL and its member firms.

About Deloitte India

All the facts and figures that talk to our size and diversity and years of experiences, as notable and important as they may be, are secondary to the truest measure of Deloitte: the impact we make in the world.

So, when people ask, “what’s different about Deloitte?” the answer resides in the many specific examples of where we have helped Deloitte member firm clients, our people, and sections of society to achieve remarkable goals, solve complex problems or make meaningful progress. Deeper still, it’s in the beliefs, behaviors and fundamental sense of purpose that underpin all that we do.

Deloitte Globally has grown in scale and diversity—more than 263,900 people in 150 countries, providing multidisciplinary services yet our shared culture remains the same.

About DSCI

Data Security Council of India (DSCI) is a premier industry body on data protection in India, setup by NASSCOM®, committed to making the cyberspace safe, secure and trusted by establishing best practices, standards and initiatives in cyber security and privacy. DSCI brings together governments and their agencies, industry sectors including IT-BPM, BFSI, Telecom, industry associations, data protection authorities and think tanks for public advocacy, thought leadership, capacity building and outreach initiatives.

Media Contact:

Deloitte India

Mou Chakravorty

Deloitte India

Cell: +91 8454042392


Did you find this useful?