Some entities may get a year's time to comply with data protection rules: MoS

IANS Photo

IANS Photo

New Delhi, September 20 (IANS): Minister of State for Electronics and IT, Rajeev Chandrasekhar, said on Wednesday that some entities may be given a year’s time to fine-tune their systems to comply with the Digital Personal Data Protection Act, 2023.

On forming the Data Protection Board and key rules, the minister said that these will be placed within 30 days.

In the first ‘Digital India Dialogue’ discussions on the recently enacted Digital Personal Data Protection Act with key industry stakeholders, the minister deliberated upon the transition time needed for specific clauses of the law and to seek specific inputs on the implementation.

“Over the next 30 days, there will be necessary rules prescribed for the Act. We will also work on forming the Data Protection Board in the upcoming month. Some businesses like startups and MSMEs and establishments like hospitals that handle people's data might get more time to adhere to these rules,” the minister said.

“This is because they may not have as much experience in handling data as bigger data fiduciaries do. So, they can ask for more time to learn and follow the rules. If anyone breaks these rules, the Data Protection Board will handle it and make decisions. But they will only start doing this when they are fully ready for adjudication,” Chandrasekhar told the attendees.

The session was attended by a diverse range of stakeholders of the technology ecosystem including industry associations, startups, IT professionals, think tanks and lawyers.

The minister reiterated the primary purpose of this law which is to guarantee the trust and safety of all digital nagriks, emphasising that all
data fiduciaries must adhere to the law.

He further assured that the government is open to considering valid arguments for extending the compliance period when accompanied by
compelling reasons.

“Companies that already follow similar rules like that of the GDPR (EU’s General Data Protection Regulation) shouldn't ask for a very long time to follow these new rules. We are now in the phase of implementing these rules, and it should happen smoothly and quickly," said the minister.

The consultations are in line with Prime Minister Narendra Modi’s consultative approach to law and policy making.

Industry leaders have hailed the passing of the Digital Protection Data Protection (DPDP) Bill 2023 by the Parliament, saying India is rapidly digitising and hence the bill stands as a crucial and long-awaited piece of legislation which upholds an individual's right to safeguard their digital privacy.

From hefty penalties ranging from a minimum of Rs 50 crore to a maximum of Rs 250 crore on social media platforms for violating rules to enabling digital markets to grow more responsibly while safeguarding citizens' data, the data protection bill envisages the creation of a Data Protection Board of India.

The Bill will apply to the processing of digital personal data within India where such data is collected online, or collected offline and is digitised. It will also apply to such processing outside the country, if it is for offering goods or services in India.

Data fiduciaries will be obligated to maintain the accuracy of data, keep data secure, and delete data once its purpose has been met.

The Bill grants certain rights to individuals, including the right to obtain information, seek correction and erasure, and grievance redressal.

Companies are required to appoint a Data Protection Officer and share their contact details with the users.