 "India's DPDP rules: Govt in talks with industry to slash compliance time")
The government is in talks with industry and other stakeholders to reduce the timeline for compliance with regard to the Digital Personal Data Protection (DPDP) Act and Rules from the current 18 months, Union Electronics and Information Technology Minister Ashwini Vaishnaw said on Monday.
“The first set of rules that we have published gives a very reasonable timeframe depending upon what the industry’s ask was and what our thrust was. We are also in touch with the industry to further compress the timelines,” Vaishnaw said.
The Ministry of Electronics and Information Technology (Meity), he said, had informed the industry and other stakeholders that since they had a compliance framework to adhere to rules published in different geographies, they should be able to replicate the same in India.
On November 14, the government notified administrative rules under the DPDP Act, marking India’s entry into a select league of countries that have a federal digital personal data privacy regime. The notification of the DPDP Rules also marks the operationalisation of India’s privacy law, nearly 15 years after it was first envisioned.
The new rules give Internet and social media intermediaries, as well as all other companies that deal with users' digital data, up to 18 months to implement systems that comply with the provisions outlined in the Act and subsequent administrative rules.
Companies that wish to act as consent managers for users must register themselves with the Data Protection Board (DPB) within 12 months, according to the rules.
Under the new rules, Meity has mandated that all data fiduciaries will have to seek specific and informed consent of all data principals in “clear and plain language”.
The consent sought will also have to contain a detailed and itemised description of the user's personal data to be processed, along with the specific purpose for which the data fiduciary is collecting such personal data.
All companies, social media platforms, and Internet intermediaries that deal with digital personal data of users will fall under the category of data fiduciaries.
All users whose personal data is sought to be processed by these entities will now be referred to as data principals.
One subscription. Two world-class reads.
Already subscribed? Log in
Subscribe to read the full story →*Subscribe to Business Standard digital and get complimentary access to The New York Times
Smart Quarterly
₹900
3 Months
₹300/Month
SAVE 25%
Smart Essential
₹2,700
1 Year
₹225/Month
SAVE 46%
*Complimentary New York Times access for the 2nd year will be given after 12 months
Super Saver
₹3,900
2 Years
₹162/Month
Subscribe
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app
SAVE 25%