India is stepping up its game in data privacy with a new draft of rules under the Digital Personal Data Protection Act (DPDP Act). This will be India’s first comprehensive law dedicated to protecting digital personal data. Once the rules are final, the regime will cover the processing of digital personal data within India, and processing outside India where it is connected to offering goods or services to people in India. Although the DPDP Act is not yet in force, businesses should start planning now. Here’s a rundown of what’s in the draft rules and how to get ready.
Key Changes in the DPDP Act
The DPDP Act, passed in August 2023, comes with important updates to India’s data privacy rules. Here are the main points:
- Consent: Companies must obtain clear, affirmative consent from individuals before processing their personal data. Before asking for consent, they must tell people, in plain language, what data is being collected and the specific purpose it will be used for.
- Security Measures: Organizations are required to set up security policies and measures to protect personal data and prevent breaches. This includes detailed security protocols and terms in contracts with data processors.
- Data Breach Notification: If there is a personal data breach, companies must inform affected individuals and the Data Protection Board without delay, and must file a detailed report with the Board within 72 hours, unless the Board grants them a longer period.
- Data Deletion: Companies must delete personal data once the individual withdraws consent or once the purpose for which it was collected no longer applies. Where data is to be erased because the individual has not used the service or exercised their rights for the prescribed period, the company must notify the individual at least 48 hours before erasing it.
- Data Protection Officers: Companies designated as Significant Data Fiduciaries must appoint a data protection officer based in India. Companies that do not need one must still publish the contact details of a person who can answer questions about how personal data is processed. These details should be available on the company’s website.
- Children’s Data: When processing a child’s personal data, companies must obtain verifiable consent from a parent or lawful guardian. They may not process children’s data in ways likely to harm a child’s well-being, including tracking, behavioural monitoring or targeted advertising.
- Individuals with Disabilities: Similar rules apply where a person with a disability has a lawful guardian; verifiable consent must come from that guardian.
- Cross-Border Data Transfer: The Indian government may impose additional rules when personal data is processed outside of India.
- Consent Managers: These are entities registered with the Data Protection Board that help individuals give, manage and withdraw consent for data processing. To register they must meet certain criteria, including being incorporated in India and maintaining a minimum net worth.
Looking Ahead
The DPDP Act has not come into force yet, and no commencement date has been set. The draft rules are open for public comment until February 18, 2025, so they may change based on feedback.
The draft proposes phased implementation of the rules, giving businesses time to adapt once they take effect.
How to Prepare
If the proposed rules are adopted, both U.S. and other international businesses that process digital personal data of people in India should reassess their data privacy policies, consent flows, breach response procedures and processor contracts to ensure compliance.