India's Privacy Law: Companies Walk A Tightrope Between Compliance And Innovation

Technology Written by S Das Updated: Nov 01, 2023, 9:32 pm

India's Privacy Law: Companies Walk A Tightrope Between Compliance And Innovation

India”s Digital Personal Data Protection (DPDP) Act of 2023 was anticipated to be a transformative piece of legislation for the country”s tech landscape. However, two months after the law”s enactment, companies are grappling with its complex provisions, leading to more questions than answers.

Companies across various sectors, from FMCG giants to small startups, and from banks to tech firms, are facing challenges in understanding how to implement the DPDP Act. The government”s recent announcement of different compliance deadlines for large companies and smaller entities has created confusion and chaos, adding to the complexity.

Lawyers specialising in technology, media, and communication are seeing a surge in inquiries from companies seeking guidance on how to navigate and implement the new law. The DPDP Act has introduced strict rules on data protection and privacy, and companies need to adapt to ensure compliance. Implementing the Act involves various steps, including conducting gap assessments and internal audits of data collection, storage, and sharing practices. Sending notices to users for consent is also a time-consuming process.

Large companies like Tata Communications have initiated the gap assessment process to align with the Act”s requirements but have requested a reasonable transition period for full compliance. Companies that already comply with data laws from other countries, such as the EU”s GDPR, are advised to perform a gap analysis.

However, some companies, particularly banks, are finding the timeline of six months for compliance to be insufficient. Banks in India possess extensive personal data and must appoint consent managers, establish personal data management policies, and hire data protection officers and independent data auditors. For banks, this transition process may take at least a year.

The government has indicated that transition periods will vary based on factors like digitisation levels and data protection compliance maturity. Entities with lower levels of digitisation, government bodies, early-stage startups, micro, small, and medium enterprises, as well as specific healthcare institutions, are expected to receive extended timelines.

In the middle of these challenges, the DPDP Act”s implementation is a complex journey for companies in India. They must navigate a maze of regulations and compliance requirements while ensuring the protection of personal data and privacy.

TRENDING

Congress Chief Mallikarjun Kharge Demands JPC Probe Into Exit Poll-Driven Market Rally

Mamata Banerjee's Trinamool To Support INDIA Candidate K Suresh For Speaker

Priyanka Gandhi’s Electoral Debut From Wayanad: What Congress Said

“Standalone Device, No Need For OTP”: Election Commission On Mumbai EVM Controversy

“Serious Concerns...”: Rahul Gandhi On EVM Access To Winning Candidate's Relative In Maharashtra

EVM Access To Winning Candidate's Relative: "Fraud At Highest Level," Says Shiv Sena (UBT) MP Priyanka Chaturvedi

"Will Back BJP's Choice": JD(U) Leader KC Tyagi Amid Suspense Over Who Will Be Lok Sabha Speaker

India's Privacy Law: Companies Walk A Tightrope Between Compliance And Innovation

Related

Charting the Course: The Innovation Imperative for Businesses in the Unpredictable Landscape of 2024 and Beyond

AI Is Enough: Google To Fire 30,000 Employees, Implements AI Tools Instead

US AI Regulation Order Sparks Lessons For India: Balancing Innovation And Citizen Interests

US AI Regulation Order Sparks Lessons For India: Balancing Innovation And Citizen Interests

Balancing Innovation And Regulation: Metaverse Industry Weighs In On Regulatory Proposals

Driving Digital Transformation: How Leaders Can Foster Tech-Driven Innovation

India's Data Protection Law: What To Watch Out For