First effect of GDPR compliance for Indian companies is business discontinuity. As it is getting difficult to approach EU data subjects for anything , Indian companies need to find a legal way to approach EU data subjects.

Issue is what to use and when to use. Options left are either consent or legitimate interest as legal basis for business activity. Law says legal basis needs to be setup before taking business activity on floor i.e. before you pick your phone and ready to send mail you need to ascertain Legal basis.

If one uses consent then "'consent' of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her"

If one uses legitimate interest then Balance the interests of yours with interests of data subject. Assess whether the yours interest is overridden by fundamental rights and interests of the data subject. It is important to look at the impact on data subjects, the way the data is being processed and the reasonable expectations of data subjects. Remember that the rights of the individual are paramount to that of yours.

If these two options are left to ascertain legal basis then how to use them ? how to redefine email so it becomes GDPR compliant? How to approach your clients now? How to deal if your prospective client invoke right to be forgotten?

Do contact us if you wish to have GDPR compliance solution for your business and help your organization Stay One Step Ahead !