The media and web was recently abuzz with the stirring debacle that Facebook and Google just faced. But what caused it? It was the effect of GDPR, a radical legal regulation that the European Union passed.

What is GDPR?

General Data Protection Regulation (GDPR) is a legal measure taken by the European Union for safeguarding the privacy of the people. It was brought into force on 25th May 2018. It is a legal foundation that sets guidelines for people’s personal information and the collection of it. The idea is to ensure that the personal information of people is protected and is not as accessible. There are several principles that the GDPR lays down which are equally applicable in 28 countries of the European Union. These principles suggest that following constitute an individual’s personal information:

  1. Email addresses
  2. Phone numbers
  3. Residential addresses
  4. IP Address
  5. Browsing behavior
  6. Social networking details.

The GDPR is a law concerned with a phenomena that is universal, i.e, the web. It is this reason why that a region specific law like this is ensuing impacts at an international level. Although there are effects of a radical law like this being seen on all sections of an economy, the businesses that have faced the maximum impact are the ones that naturally tend to rely on such data for their functioning.

Many E-commerce businesses are modelled in a way that they rely on such data. For instance advertises pop ups of clothes based on one’s browsing behavior. Their advertising on Facebook shows how their ad pop ups are customized to a person’s browsing behavior and history on their website.  However, with the introduction of GDPR, seeking such information shall be greatly affected. Other businesses alike that run on target customers will be impacted.

Many Indian E-commerce websites also deliver internationally in many European nations, like, the Indian Emporium ( These companies may be impacted very greatly since their ties with European customers will now be influenced by the GDPR. A major implication of this will be in terms of creation of specific advertisements. Since the businesses shall be unable to find personal information regarding consumers easily, the process of creating customized advertisements or branding strategies may get tougher. A basic guideline of creating advertisements is to ensure that it reflects the ideas and values of the audience and appeals to them. In order to achieve this, it is important to understand and analyze the audience which a law like GDPR may hinder.

GDPR also lays down radical norms in terms of third-party contracts and international transfers that the businesses need to face. Many Indian E-commerce businesses indulge in outsourcing services in terms of payment based transactions, IT services, Business Processing Operations etc., for example, Flipkart’s outsourcing partnership with Serco. Flipkart outsourced around 300 workers to Serco who being on an outsourced payroll may not appear in Flipkart’s books. This will fetch more revenue per employee. But after the regulation of GDPR, the company now has to sign a written contract including the concerned third party which will help the authorities keep track of the amount of information being processed. This will result in the inclusion of the outsourced employees in the company’s books thereby impacting the company’s revenue per employee.

There are  provisions under GDPR which allow people to delete or modify information about them. Although many websites had this option even earlier, the GDPR aims to ease out the process further. This easy choice of deletion of accounts may impact the Global business of the Indian E-Commerce websites by impacting their traffic, sales etc.

There are businesses that exclusively deal with such data. Perpule, for instance, is a company that deals with self-checkouts, focuses on supplying data to E-Commerce websites. Many customers have their card details linked to their accounts based on which Perpule carries out easy cashless transactions. Despite being an Indian company, Perpule may face consequences later. Predominant retailers of Perpule happen to be local Indian ones like Hypercity, which implies the inapplicability of GDPR. However later when this business expands to international levels, the company may face the effects of GDPR.

The far-reaching impact of GDPR as we saw can be intense. We must understand this potential impact well in order to be able to deal with it effectively. E-Commerce businesses should start laying more importance on the consent of the consumers. For instance, many websites sign us up for their vouchers or email notifications which must now be avoided. Businesses can flash a small write up of around 5-6 sentences regarding the purpose of the information that they need.

The impact of GDPR on Indian E-commerce businesses as discussed above can be quite profound.


Cicco D., Hellepute C., Shen L., Burman K., Prinsley M., Yaros O., 2018, How will GDPR impact E-Commerce Businesses?