The Justice Srikrishna Committee’s Data Localisation proposal may see some Indian start-ups in a spot of bother. Simply put, Data Localisation mandates that an Indian user’s data will have to be stored within the country. The provision is part of the Justice Srikrishna Committee’s recommendations, which aim to bring about tighter General Data Privacy Regulations (GDPR).
Infrastructure and budget constraints
A recent study by Deloitte and the Data Security Council of India (DSCI) reveals that several Indian start-ups and smaller firms may not GDPR-ready, yet. A survey conducted on 58 companies has revealed that merely 28 percent of companies with less than 250 employees haven’t yet begun their GDPR-preparedness. The report lists budgetary constraints and lack of infrastructure as primary reasons, for this.
Start-ups like Hyderabad-based Eunimart now want the Indian Government to facilitate the transition to a more GDPR-prepared eco-system.
“The prospect of having that level of security, certification; that level of data management in the country — you just can’t do it,” said Shayak Mazumder, Founder and CEO, Eunimart, “In the early stages, you (start-ups) just don’t know where to hold your servers. When we built our first servers, they were in California. Today, if somebody tells me hold it in Mumbai, the cost is high, and I can’t do it.”
Big enterprises better prepared for GDPR
On the bright side though, the Deloitte-DSCI study reveals that larger enterprises have all bases covered on the compliance front. The survey reveals that as of early 2018, all companies with over 10,000 employees are GDPR-ready. In fact, 36 percent of these companies, it says, began GDPR-preparedness protocols as early as 2016.
Chennai-and-Silicon-Valley-based Zoho Corp is a prime example. In a week from now, the SAAS company will launch two new data centres in India — one in Mumbai, and the other in Chennai. Zoho says these centres will rank among some of their largest in the world.
“We’ve invested tens of millions of dollars, because we expect Indian traffic to grow at a much faster rate than developed countries,” said Sridhar Vembu, CEO, Zoho Corp while speaking exclusively to CNBC-TV18.
Zoho’s 36-percent Indian user base will have the option of storing their data in India once the data centres begin operations next week. Sridhar said all Indian customers will have their data stored within India, by the end of the year. The company has also announced that its data centre count will total to 20 by the end of next year. The move comes even as Zoho’s Indian traffic is expected to overtake that of the United States by the end of this year.
IT, E-Commerce, Health Best Equipped
The Deloitte-DSCI study reveals that the IT, E-Commerce and Health sectors lead the rest when it comes to GDPR-preparedness. Nearly 84 percent of IT companies surveyed said they were GDPR-ready, followed by Health (81%) and E-Commerce (80%). But the divide between small and large enterprise, has a few questioning the need for data localisation in the first place.In an earlier interview to CNBC-TV18, US-based cyber security firm, Symantec had questioned the need for data localization.
The company’s senior director for cyber security, Peter Sparkes said that “geography is not that important” for data protection, choosing to endorse “controls and processes that protect user data. But experts say it's unlikely the Indian government will let that slide, given the mass hysteria any hint of a data breach has sparked off lately.