Privacy Shield Set Aside by CJEU – A Guidance for India

The European Union (“EU”) is a major source of revenue for the information technology and business process outsourcing industry in India. However, there are several challenges that India faces with respect to transfer of personal data from EU to India.

Presently, the data protection regime in India does not provide the same level of protection as the data protection regime in the EU, in particular because the Personal Data Protection Bill, 2019 has not been enacted yet. Further, Article 3 of the EU General Data Protection Regulation (“GDPR”) states that provisions of GDPR will be applicable even in a case where the processing of personal data takes place outside the EU.

As such, in case of transfer of personal data from EU, it becomes relevant for Indian entities to comply with the provisions of the GDPR as non-compliance or breach of its provisions may attract a fine of up to 20,000,000 EUR (Twenty Million Euros) or 4% (four percent) of the total worldwide annual turnover of the preceding financial year, whichever is higher.

 

Tatva Legal, Hyderabad has an experienced team of corporate lawyers who, amongst other services, advise on matters involving data privacy and other such areas involving  information technology law.