Data PrivacyData Protection Laws – Where India Stands?

𝐃𝐚𝐭𝐚 𝐏𝐫𝐨𝐭𝐞𝐜𝐭𝐢𝐨𝐧 Laws – 𝐖𝐡𝐞𝐫𝐞 India 𝐒𝐭𝐚𝐧𝐝s?

The data protection law for India i.e The Digital Personal Data Protection Act,2023(DPDPA), has already been enacted on 11th August,2023 at a time when worldwide in many countries, data Protection enactments are either under the process of finalisation or under implementation from this September,2023 onwards.

Say country like Saudi Arabia is gearing to implement the data protection regime from 14th September,2023. While, fast developments in Data Protection laws are awaited in Argentina, Australia, Canada, Seychelles and South Korea, at the same there will be a new Swiss Data Protection Act,2023 to be replaced and implemented from 1st September,2023 only.

𝐆𝐥𝐨𝐛𝐚𝐥𝐥𝐲

As per UNCTAD, the importance of privacy and data protection is increasingly recognized. So far, 137 out of 194 countries had put in place legislation to secure the protection of data and privacy.

𝐈𝐧𝐝𝐢𝐚

𝐈𝐦𝐩𝐥𝐞𝐦𝐞𝐧𝐭𝐚𝐭𝐢𝐨𝐧 – The complete implementation will take atleast 18months as the enactment itself envisages that it shall be implemented in a phase wise manner.

𝐄𝐱𝐞𝐦𝐩𝐭𝐢𝐨𝐧 – The Minister of State of Electronics and IT, Mr.Rajeev Chandrasekhar has been sharing insights on the DPDPA from time to time. He has already clarified that 𝐞𝐱𝐞𝐦𝐩𝐭𝐢𝐨𝐧 𝐦𝐚𝐲 𝐛𝐞 𝐠𝐢𝐯𝐞𝐧 𝐚 𝐩𝐞𝐫𝐢𝐨𝐝 for a period of 𝟑-𝟔 𝐦𝐨𝐧𝐭𝐡𝐬 𝐭𝐨 𝐒𝐭𝐚𝐫𝐭𝐮𝐩𝐬 to test their products during which they will be exempted from certain stringent provisions subject to parameters and type of Startups as may be notified.

𝐑𝐞𝐠𝐮𝐥𝐚𝐭𝐨𝐫𝐲 𝐀𝐥𝐢𝐠𝐧𝐦𝐞𝐧𝐭- The Sectorial Regulators will be aligned with the DPDPA. Certain sectors like the Healthcare and Fintech will have DPDPA implemented in a very stringent manner while giving weightage to the respective Regulators.

𝐒𝐢𝐠𝐧𝐢𝐟𝐢𝐜𝐚𝐧𝐭 𝐃𝐚𝐭𝐚 𝐅𝐢𝐝𝐮𝐜𝐢𝐚𝐫𝐢𝐞𝐬(𝐒𝐃𝐅) – They have to be more vigilant to start preparing and working on the DPDPA. They should simultaneously focus on appointing a 𝐃𝐚𝐭𝐚 𝐏𝐫𝐨𝐭𝐞𝐜𝐭𝐢𝐨𝐧 𝐎𝐟𝐟𝐢𝐜𝐞𝐫(𝐃𝐏𝐎) well in time so that they can avoid last minute preparations.

Finally, Organisations must thrust upon two significant factors;

One – Inculcate a Policy to respect personal Data and

Two – Start taking Data Driven Decisions

𝐒𝐭𝐚𝐫𝐭𝐢𝐧𝐠 𝐏𝐨𝐢𝐧𝐭 – When entire word is committed towards respecting  Data, and this is corroborated by efforts of 137 Countries to be working on Data Protection enactment/bills in different stages, and India already has enacted its DPDPA, this is the high time to gear up to align the organisational Data ecosystem in accordance with the 7 Principles of Data Protection especially when the penalty provisions are enough to create an imbalance in bottomline of the Organisations at the first place.

Authored by

Mr. Anandaday Misshra, Founder & Managing Partner, AMLEGALS with a global expertise in Data Protection laws across various sectors.

For any query or feedback, please feel free to get in touch with dataprivacy@amlegals.com or mridusha.guha@amlegals.com