India to seek EU’s approval on GDPR compliance for ‘adequacy’ status

India to seek EU’s approval on GDPR compliance for ‘adequacy’ status
Credit: GraphicPear

The Economic Times reports that India is gearing up to seek ‘adequacy’ status with the European Union‘s General Data Protection Regulation (GDPR), a set of privacy laws adopted by the region in 2016 and enforced from last year.

If it goes through, it would mean that the EU recognizes India’s data protections as equivalent to those required by GDPR. This, in turn, would allow EU tech firms to store and transfer data in India, and could enable companies in Europe to outsource data-intensive projects to India while complying with GDPR.

The rules hold ‘controllers’ – people and organizations in charge of others’ data – responsible for properly handling and protecting the information they’ve collected. That means these entities will need to have compliant infrastructure and safeguards to manage this data, ensure anonymity where necessary, and protect customers’ privacy.

There’s a lot of work to be done before this comes into play, though. For starters, India needs to pass its own Personal Data Protection Bill, which details how companies should handle customers’ data. A draft was submitted to the IT Ministry last July, and it’s yet to be introduced to the Parliament.

Next, the EU will have to see a proposal from the European Commission, receive an opinion of the European Data Protection Board, get an approval from representatives of EU countries, and finally, see the adoption of the decision by the European Commission. So yeah, it’s not going to happen overnight.

The EU has granted GDPR adequacy status to 13 countries so far – Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, Uruguay and the US. It’s worth noting there are limitations to said status for the US and Canada. Plus, the EU is also working on adequacy status for South Korea at present.

Receiving adequacy status could boost India’s massive IT services industry – but the stringent requirements could also be good news for citizens, as it would provide strong protections for the privacy of their data.

Read next: MediaTek takes on Qualcomm's Snapdragon with a new gaming chipset for phones