C&L_December 2017 (1)
Cover Story

“We comply with UK/EU data protection act for some of our clients so it is not going to be a difficult change for us. However, the team involved started working on it proactively to be ready to show compliance to GDPR well ahead of the deadline.”
Sachin Jain
CIO & CISO at Evalueserve

Jain said that they take “reasonable” as the baseline protection layer or controls one has to deploy to ensure privacy and safety of data.

The concern is natural as the IT/ITes sector in India has reported the largest increase in data breaches in 2016. The healthcare industry comes a close second, accounting for 28% of data breaches, rising 11% last year compared to 2015.

This calls for stringent measures to protect healthcare records of patients in India. Section 43(a) and Section 72 of the IT Act mandate organizations to take reasonable provisions to protect sensitive information and provide a broad framework for the collection, storage and protection of personal information in India, including health conditions, medical records and biometric records.

Other jurisdictions have already enacted sector-specific laws to protect medical information. The Health Insurance Portability and Accountability Act (HIPAA) is the primary law that establishes the US legal framework for health information privacy and gives patients substantial control over their information.

At Alembic Pharmaceuticals, the company has tied up with a leading consulting provider to identify areas where it needs to make process and data changes which would be in alignment with GDPR regulations.

According to Gopal Rangaraj, its CIO & Head-IT, GDPR is an organic extension and is not a completely new framework. In healthcare, end-patient data safety was always a mandate. Therefore, we capture patient information including demographic data, and how we handle customer complaints handling process in the context of GDPR will be interesting.

Alembic Pharmaceuticals Ltd. is an INR 31.31 billion Indian multinational pharmaceutical company headquartered in Gujarat, India. Alembic Pharmaceuticals Europe Limited, however, is the 100% subsidiary of the Alembic Global Holding SA, and is located in Malta, Europe.

Rangaraj said that their Indian business does not handle any EU datasets, but didn't fail to add that adhering to the guidelines and making them more bulletproof is how they see the whole thing.

At Wanbury, Jitendra Mishra, its VP-IT and CIO, said that the GDPR is an extension of an earlier law, the 1995 data protection directive. The pharma major is the largest manufacturer of Metformin in the world and exports to over 50 countries, 65% of which are regulated markets.

“We supply 90% of our Metformin to European countries. We have employees as well as contractors across EU – and our chief compliance officer in cooperation with IT security as well as the board – is creating a Standard Operating Procedure (SOP) to ensure how the GDPR is going to impact our business, how we secure personal information of our customers, and how to map all these scenarios to mitigate risks by enforcing policies, technology and creating awareness in the organization.”

Across verticals, businesses in India give an impression that they are in tune with the implications of GDPR. To an extent, they see their data privacy law as helping them tackle GDPR requirements, since it will help demonstrate that India is on par with the EU in terms of data protection law. However, almost everyone agrees that it needs careful revision to incorporate a few amendments to align with strong protection regulation.

Additionally, they believe that it will also ensure all companies in India have reasonable practices in place. This will give confidence to EU companies with subsidiaries in India or outsourcing work to India.

It looks like the data privacy law has come at the right time when some Indian businesses are gearing up for the biggest ever overhaul of data protection regulation

December 2017 | CIO&LEADER