Indian IT firms might be looking towards Europe as the upcoming frontier for their IT conquest. However, the proposed data protection laws in Europe could put a dent on the speed with which the firms are hoping to expand in the region.
The amendment of the existing rules will make the laws more stringent than ever and will make companies which process information accountable in the event of a data breach or loss. Those who collect the data also fall within the boundaries of the forthcoming amendments.
This could have a huge impact on the Indian IT firms as well as BPO firms which work for clients from Europe as dealing with these clients would now require higher certification and security requirements from the Indian companies.
These companies are required to report data breach within a span of 72 hours of the breach having occurred. The fines imposed on them could be as huge as $1 million or 2 percent of the annual turnover of the firm.
According to Samuel Mani, the founding partner of Mani Chengappa and Mathur legal firm, companies will have to adhere strictly to the additional balances and checks in contracts in order to avoid being penalized.
The proposed EU rules will apply in the event that the personal data of people in EU is handled by firms abroad which do not belong to the EU. Triggering of the data protection law will not actually require the consumer to pay the company.
India’s share in the IT-services market of Europe
A majority, almost half, of the IT services market in Europe is contributed by France and Germany. The market has been estimated to be worth $155 billion (over INR10 lakh crore) as per European Information Technology Observatory.
IT-BPO industry of India is expected to garner exports worth $76 billion in the first quarter of 2013 and Europe contributes less than 30 percent in this, primarily from the Nordic region and UK.
European Commission had issued a memo in January regarding data regulation. The memo stated the relevance of storing and collection of personal data. The borders are thinning when it comes to transfer of these data as even companies of third countries are able to access this data by leveraging cloud computing.
Even though the directive has not yet become a law, huge support is being given to it by the European government. The proposed law will have two parts, one for the data processors and the other for data collectors.
The data protection laws in Europe was instituted in 1995 in order to bring in policies which govern processing and collection of personal data as well as the movement of this information between countries and companies.