Four regulatory changes that rocked enterprise tech in 2018

2018 has been a year of regulations both in India and globally.

Regulations meant enterprises had to implement a lot of changes using technology. It even sprung up a host of new startups in the RegTech sector. Here is a roundup of all the major regulations that across verticals in 2018. 

1. GDPR came into effect on May 25 this year

The General Data Protection Regulation of EU came into effect on May 25 2018, with the aim to protect data and privacy of individuals within the European Union and the European Economic Area. 

Related: GDPR is here; but businesses struggle spend, and look unprepared

GDPR essentially reshaped the way in which various sectors manage data. It redefines the roles for business leaders, CIOs and CMOs. Post the implementation, IT leaders had to ensure that they have strong and secure consent management processes in place. Within the first month of the regulation being mandated, there were more than 3,850 complaints filed according to the International Association of Privacy Professionals.       2. Data Localization  

‘India’s first privacy law’ mandated that all information collected online has to be stored within the country and critical data has to be processed only within the country. Along with this the Reserve Bank of India mandated that all fintech companies should store data only in India. However, there are speculations on whether this could hamper the fintech revolution and the progress made in recent years. 

Related: Why e-payment companies give RBI’s data localisation mandate a thumbs-up

3. Aadhaar Judgement

On September 26, the Supreme Court ruled that private entities cannot use Aadhaar for KYC authentication, but it be used for government related processes such as PAN and income tax filing. This essentially meant that telecom companies, private banks, payment players and insurance companies cannot demand for Aadhaar as a mandatory proof anymore. The ruling also said that metadata or granular data within Aadhaar cannot be analyzed. And data stored for authentication has to be struck down after six months.

Related: Aadhaar verdict: Constitutionally valid, with restrictions on who can seek the data

4. New PPI regulations 

The Reserve Bank of India released new guidelines for PPI payments in India, under which all wallet players had to ensure complete KYC of their customers by December 30, 2017. On request from various wallet players, this deadline was extended to February 28, 2018. Wallet players were until now fulfilling the nominal KYC method for its users, which basically required a simple telephone number verification.

However, the new norms by the RBI state that every user must undergo a complete KYC. Those customers who do not have a full KYC done, can hold a balance of only Rs 10,000. The full KYC requires companies ensure their customers link their wallets to their Aadhaar. It further requires the collection of biometrics and physical verification by an agent within one year of the nominal KYC.

Related: Are the new KYC norms destroying the purpose of digital payments?