Hamburg, a city renowned for its rich maritime heritage and economic dynamism, has long been a focal point for skilled labour migration. The city's strategic location as a major port and its thriving industries have made it a magnet for talent from around the world. Recognising the vital role that skilled labour plays in sustaining and enhancing its economic prowess, the state of Hamburg has actively pursued policies and initiatives to attract and integrate skilled professionals. The state, in collaboration with various enterprises, is working diligently to address the complexities associated with attracting and integrating international talent. One prominent example of this effort is Hapag-Lloyd, a leading global shipping company headquartered in Hamburg. Hapag-Lloyd stands out not only for its significant role in the maritime industry but also for its proactive approach to employing a diverse workforce, including a substantial number of Indian professionals. To gain deeper insights into the integration process and the experiences of these skilled migrants, a delegation recently visited Hapag-Lloyd. The visit was part of the Fachkräfte Initiative, led by the Hamburg Representation in Mumbai and the Senate Chancellery. This visit aimed to engage directly with the Indian community within the company, exploring how they are welcomed and integrated into the German work environment. By observing and interacting with both the employees and the management, the delegation sought to understand the practical aspects of the integration process and identify best practices that could be beneficial in other contexts. A key part of the visit was a session with Hapag-Lloyd's HR team, focusing on hiring, training, and integrating Indian professionals. This was followed by an informal discussion with Indian employees, which shed light on the onboarding process and the importance of community support, social integration, and intercultural training for both employees and their families. Challenges faced during integration, especially for accompanying family members, were also addressed. Despite Hapag-Lloyd's efforts to provide dedicated immigration and integration support, issues such as the Dual Career Problem, where spouses struggle to find employment in Germany, remain significant. The discussion aimed to explore potential solutions and enhance the overall experience for migrant families. This engagement with Hapag-Lloyd underscored the collaborative efforts between Germany and India to support skilled labour migration and integration. In a related development, Federal Labor Minister Hubertus Heil recently visited Hapag-Lloyd to further discuss the migration of skilled workers. Heil emphasised the potential of Indian professionals to address Germany's labour shortages and highlighted the importance of flexibility in recognising professional qualifications and reducing bureaucracy. The minister also acknowledged language barriers as a significant challenge and called for enhanced German language education and greater flexibility in visa procedures. This visit and the ongoing initiatives reflect a concerted effort to bridge the gap between skilled labour needs and migration policies, fostering a more inclusive approach to integrating international talent into the German workforce.
The Digital Personal Data Protection Act, 2023 (Act) was passed by the Parliament in August 2023. Almost after half a decade of deliberations, India has introduced a cross-sectoral legislation for protection of personal data. The Act applies to all forms of personal data that is collected in digital form and non-digital form but digitised subsequently. The Act does not apply to non-digital data, data processed for personal or domestic purposes; and data made publicly available by a data principal or any other person under a legal obligation. In terms of its territorial applicability, the Act applies to processing of data within India, regardless of whose data is being processed. In addition, if any personal data is being processed outside India in connection with supply of goods and services within India, the provisions of this Act would be applicable. While there are certain differences as compared to the General Data Protection Regulation (GDPR), the Act has based its foundation on the principles of data protection under GDPR. In the context of foreign companies with subsidiaries in India, it would be interesting to understand the manner in which the provisions of both these legislations will be synergised for building a strong data protection framework within a particular company. While the Act comprehensively covers all aspects of data protection and privacy, there are few notable features which hold significance for companies. Some of the salient features of the Act are as under: One of the key aspects of DPDPA is consent. The data fiduciaries are required to seek consent from users for processing of personal data. Consent can be sought by notifying the data principal. Companies are required to maintain a compliance structure for notifying the data principals. The data fiduciary is under an obligation to provide data principals a notice: containing a description of the personal data and the purpose for which it will be processed; details of the way data principals may exercise their rights to withdraw consent and grievance redressal; and details on how data principals may file a complaint with the Data Protection Board. As a good governance measure, companies can strengthen their data protection measures by keeping a record of the consent collected. Such a measure is helpful for the company to provide proof of compliance to the provisions of DPDPA. The Act requires data fiduciaries to implement ‘technical and organisational measures’ to ensure compliance with the DPDPA; adopt “reasonable security safeguards” to prevent personal data breaches; and notify the affected data principals and the Board in the event of a personal data breach. A company, in order to ensure fulfilment of its obligations under the Act, can establish a ‘privacy by design’ approach. The company needs to ensure that privacy is seamlessly integrated into all its products, services and designs. For example, as reasonable safety measures, the company can put in place access controls, pseudonymisation and encryption. It can initiate measures such as data protection assessment, internal policy changes and training programs for its staff. In addition, automated systems to understand the flow of data in and out of the system will help companies to keep a tab on the usage and control of personal data. Under the Act, the data principals are provided with certain rights, which includes right to access information about personal data; right to correction and erasure of personal data; right to nominate an individual to exercise rights on their behalf in the event of their death or incapacitation etc. The data fiduciaries are required to provide data principals with grievance redressal mechanisms. In order to provide these rights to the data principals, a company would need to establish a comprehensive data governance system, consisting of a data inventory and a data mapping system. This would help a company to cater to the right-based needs of the data principals. The Act empowers the Board to impose heavy penalties for non-compliance with the provisions of the Act and to provide remedial and mitigation measures. While there are no criminal liabilities under the Act, the Board can award penalties up to INR 250 crores for certain breaches. In awarding penalties, the Board will assess the steps taken by the company to mitigate the impact of the breach or non-compliance. In addition, the Board can ask the Government to issue directions to block access to the Data Fiduciary’s platform in certain cases, if required. Author: Shradhanjali Sarma Consultant audius India Private Limited Contact: Pratik Ghumade Director audius India Private Limited +91 8484 027530 pratik.ghumade@audius.de www.audius.de/en