
Why not a GDPR for India?







After the recent Cambridge Analytica scandal, millions of people are concerned about the privacy of their data, and so are Indians. India, one of Facebook's biggest markets, is the most exciting market for such companies to test their concepts in artificial intelligence and machine learning. Cheap internet, wide adoption of smartphones and a huge young population totally unaware of the consequences of using the unsafe internet have made it much easier for internet product companies to exploit the high-value intel and data generated in India.
I will start today with where India stands in the world of “world wide web” or internet usage. Below are some figures on the number of internet users, in millions, globally.


Number of Internet users in millions

As the data shows, India stands second in terms of the number of internet users, and that number is increasing at a very rapid rate. I must mention, though, that at the moment India has one of the lowest internet penetration rates but one of the highest growth rates.
By the year 2018, India will surpass the ‘500 million’ benchmark. These are mere internet users if we talk only about the numbers, but I wonder how many of them understand security, or how many of them come from an IT or IT security background. How many of them would really understand the complex world of the web? This leads to a bigger question: in today’s digital world, are internet users in India being provided with the fundamental right of data privacy, and if yes, how has it been implemented? Are the users aware of it? The list of similar questions goes on and on.

Now, where does India stand in terms of its data protection policies, and how does the rest of the world see India in terms of data protection law?

Below is a heat map of global privacy laws, which shows that India falls into the category of minimal restrictions on data protection, whereas Germany and Switzerland, together with a couple of others, have the most restrictive data protection laws.
Many of you might have heard about the EU GDPR (European Union General Data Protection Regulation), which is by far one of the most stringent data protection laws in the world.
In the EU, the right to privacy is a fundamental right which seeks to protect an individual’s dignity. The European Charter of Fundamental Rights (EU Charter) recognizes the right to privacy as well as the right to protection of personal data.
The new GDPR has serious implications for businesses as well as for end users. On one hand, the GDPR gives end users more rights; on the other hand, it pushes enterprises to secure personal data.
I won’t be able to explain the whole GDPR here, as that would be out of scope for this article, and there is already plenty of information about the GDPR in general available on the internet.

Regardless, here are some key points for both businesses and individuals.

For Individuals:

  1. Right to Information
  2. Right to be forgotten
  3. Right to the restriction of processing
  4. Right to data portability
You can download more information on GDPR by clicking here.

For Data Processors or Data Controllers:

  1. Data controllers (i.e. the entities that define the purposes and means of the processing) have to ensure compliance with the GDPR and be able to demonstrate such compliance.
  2. Data processors must provide the expected guarantees just as data controllers do and must also implement appropriate technical and organizational measures to ensure that the processing will meet the requirements of the GDPR.
  3. Data controllers must notify the DPA of a personal data breach without undue delay and, where feasible, not later than 72 hours after having become aware of it.
  4. Personal data may be transferred outside the EU to third countries or international organizations that provide an “adequate level of data protection”, meaning “essentially equivalent” to the level of protection afforded within the EU.

Now just imagine: if you reside in one of the countries with the most restrictive data protection laws, you would start feeling secure, as you know that your country is taking such steps to give you more rights and is also making sure that your personal data is handled carefully.

But what about India?

India currently has two main concerns.
  1. Impact of GDPR on the businesses in India
  2. To implement an adequate level of Data Protection
IT is one of the main industries currently driving the Indian economy, and the introduction of the GDPR might have serious implications for the Indian IT industry. A lot of IT companies in India work for European clients and, as the GDPR states, personal data may be transferred outside the EU to another country or organization only if it ensures an equivalent level of data protection. Therefore, in the first place, individual organizations will have to comply with the GDPR if they want to retain their customers, but the problem lies with the country itself, as India is not a secure territory to transfer personal data to.
Therefore, it has become vital to introduce an equivalent of the GDPR in India, which will help the Indian IT industry keep growing at the current pace or even faster, and which will also build trust among the people of India and support the fundamental right of privacy.
