AgenciesMumbai: IT services provider Cognizant has said the Personal Data Protection Bill, 2018 could impose stringent obligations on it for localisation of sensitive data, and along with regulatory changes in other countries may lead to additional compliance costs.
“If enacted in its current form, it would impose stringent obligations on the handling of personal data, including certain localisation requirements for sensitive data. Other countries have enacted or are considering enacting data localisation laws that require certain data to stay within their borders,” the Teaneck, New Jersey-based firm said in its annual report, highlighting it under risk factors to business for the coming year.
A company may have to pay a penalty of up to Rs 15 crore or 4% of its global turnover if found violating norms under the Bill.
Failure to conduct a data audit will attract a fine of Rs 5 crore or 2% of the annual turnover of the company.
“Complying with changing regulatory requirements requires us to incur substantial costs, exposes us to potential regulatory action or litigation, and may require changes to our business practices in certain jurisdictions, any of which could materially adversely affect our business operations and operating results,” Cognizant said.
Europe’s General Data Protection Regulation, on which the data protection Bill has been modelled, cost US Fortune 500 companies up to $7.8 billion and UK’s FTSE 350 companies up to $1.1billion for compliance preparation, according to an earlier report by International Association of Privacy Professionals and Ernst & Young.
Technology companies will have to invest in changes to data architectures, including local data centres, once the Bill becomes law, analysts said.
“Some short-term disruptions are possible, but the answer to this would be significant investment in data governance. It will impact smaller providers more because they have to create special provisions, change processes and systems of transferring data,” said DD Mishra, Senior Director Analyst at technology research house Gartner.
“If enacted in its current form, it would impose stringent obligations on the handling of personal data, including certain localisation requirements for sensitive data. Other countries have enacted or are considering enacting data localisation laws that require certain data to stay within their borders,” the Teaneck, New Jersey-based firm said in its annual report, highlighting it under risk factors to business for the coming year.
The Bill was recently cleared for introduction in the ongoing Budget session of Parliament.
A company may have to pay a penalty of up to Rs 15 crore or 4% of its global turnover if found violating norms under the Bill.
Failure to conduct a data audit will attract a fine of Rs 5 crore or 2% of the annual turnover of the company.
“Complying with changing regulatory requirements requires us to incur substantial costs, exposes us to potential regulatory action or litigation, and may require changes to our business practices in certain jurisdictions, any of which could materially adversely affect our business operations and operating results,” Cognizant said.
Discover the stories of your interest
Europe’s General Data Protection Regulation, on which the data protection Bill has been modelled, cost US Fortune 500 companies up to $7.8 billion and UK’s FTSE 350 companies up to $1.1billion for compliance preparation, according to an earlier report by International Association of Privacy Professionals and Ernst & Young.
Technology companies will have to invest in changes to data architectures, including local data centres, once the Bill becomes law, analysts said.
“Some short-term disruptions are possible, but the answer to this would be significant investment in data governance. It will impact smaller providers more because they have to create special provisions, change processes and systems of transferring data,” said DD Mishra, Senior Director Analyst at technology research house Gartner.
Get Unlimited Access to The Economic Times
