GDPR's territorial scope is expansive, are you ready?
GDPR applies to businesses outside the EU if their data processing activities relate to goods or services offered to individuals in the EU
The territorial scope of the General Data Protection Regulation that takes immediate effect will apply to the processing of personal data by businesses “established” within the European Union. That said, it also will apply to businesses outside the EU if their data processing activities relate to goods or services offered to individuals in the EU.
Article 3 of GDPR clearly states: This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.
This expands the territorial scope of the GDPR well beyond the EU, essentially making it global law. Despite this, Indian experts that exchange4media spoke to said that GDPR will have limited implications on the Indian digital advertising landscape.
Indian Digital media buyers and marketers are far removed from the repercussions of the implementation of the law unless they are representing European companies, exchanging data with EU companies or marketing to individuals within the EU, some said.
“Any Indian company working and exchanging data with EU-based companies or dealing with data of EU citizens will need to re-align their businesses so that it complies with the new regulation,” explained Projjol Banerjea, Co-founder and CPO, Zeotap. As a result, he expects a rise of roles such as CDOs (Chief Data Officers) or DPOs (Data Protection Officers) within the mobile advertising ecosystem and will place data privacy and security at the top of Indian companies' agendas.
“Businesses that are headquartered in the EU will need to follow the law across all geographies including India. And Indian companies that may be targeting individuals within the EU or will also need to comply with the provisions of the law,” said Rahul Vengalil, CEO, WhatClicks, a digital marketing audit firm. Other digital marketers whom exchange4media spoke to said that large network agencies are GDPR compliant since they operate across geographies.
For example, Swati Rathi, Senior GM and Head Marketing, Godrej Appliances, said that even though Godrej Appliances is not per se impacted at this stage, the company is working on complying with the global laws. "There are new guidelines being set in place to govern our data related advertising on online portals like Facebook and Google. We are undertaking a consolidated effort in data governance exercises with all our partners and creating a detailed checklist wherein we ensure all parameters for data safety are covered. Our intent is to get our partners and agencies certified on data protection and only consider certified businesses to work with, in the future."
As the European Union woke up to a data secure world, India has other battles to win first. Some industry experts that exchange4media spoke to said that India needs its own version of the law, possibly one that is less stringent. At the same time they also say that consumer awareness is very low with regard to data security, and they need to be educated about data privacy. “The scale of India is such that adherence to such a law is hard to enforce,” pointed out Neena Dasgupta, CEO and Director of ZIRCA Digital Solutions.
Instagram, LinkedIn, Twitter, Facebook & Youtube