GDPR India

GDPR Solutions for India-based businesses

GDPR Auditing is a specialist GDPR auditing, training and consultancy business based in the EU.

We have a number of clients outside the EEA, including India, USA, Kenya, Canada, and Argentina.

GDPR places restrictions on the transfer of personal data outside of the EEA. If you are a business based in India processing EU citizens' personal data, then you will need to comply with the GDPR.

GDPR compliance for Indian businesses should be seen as a competitive advantage. As well as the potential fines and penalties for non-compliance, you risk losing business to your competitors.

What is the GDPR

In simple terms, it's a European law you will need to comply with if you are handling the personal data of EU citizens.

More formally, the General Data Protection Regulation is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union.

It applies to all Controllers and Processors, both inside and outside of the EU, processing personal data of EU citizens.

The GDPR came into effect on 25 May 2018. If you are dealing with EU personal data, then you need to comply.

Data Processor

If you process data on behalf of a client, then you are likely to be a Data Processor.

Your clients should require you to be GDPR compliant and, if you are not, they may choose to move to a provider that is.

Prospective clients will most likely be asking about your GDPR compliance status during their due diligence. If you are not compliant, then you risk losing new business to your competitors.

Data Controller

If you provide services directly to EU nationals, then you are a Data Controller as defined by the GDPR.

As a Data Controller, you will need to comply with the GDPR and may also need an EU representative and an appointed Data Protection Officer (DPO).

GDPR – A Complete Solution

We offer complete GDPR solutions specifically designed for India-based data controllers and data processors. This consists of a complete package at a fixed cost based on the size and complexity of your organisation.

Our GDPR packages can be tailored to your needs and can include the following and more as required:

  • EEA Representation
  • Data transfer mechanism (model clauses contract(s)) or B2B processing
  • Client agreements for B2C activities
  • Record of Processing and Data Retention Schedule
  • Website privacy notices
  • Staff awareness
  • Data Subject Access Request process
  • Breach and Incident reporting process
  • Accountability Framework
  • Data Protection Impact Assessment Process

Adherence and due diligence on the activities above is provided by way of an on-site audit and review of policies, procedures and documentation, consisting of:

  • A GDPR Audit to identify and prioritise key remediation activities
  • A Security Audit to ensure correct technical safeguards are in place
  • Client contract reviews
  • Third Party Contract reviews
  • Access to our GDPR portal packed with guides, templates and downloads

Our audits are conducted on-site by our specialist data protection consultants.

Essentially, if you comply with the GDPR technical and organisational security measures, have the correct contracts in place and have EEA representation, then there should be nothing stopping you processing EU data.

Contact Us

If you wish to learn more about how we can help your business with GDPR compliance, or wish to join our ever-increasing list of partners, contact us at info@gdprauditing.com.