As much as 52 per cent of organisations were 'very concerned' about the potential impact of upcoming privacy regulations in India on their operations and data handling practices, according to a study by professional services firm EY.
The survey, released months after the enactment of the Digital Personal Data Protection (DPDP) Act, 2023, found that some 32 per cent of organisations foresee technical implementation challenges. Around 10 per cent of organisations were concerned over the need to revisit the existing vendor contracts, while 50 per cent of organisations are yet to acquire relevant skills but are open to outsourcing data privacy tasks.
While the rules that would provide exact processes of the DPDP Act are yet to be notified, the government has consistently claimed that large organisations must not require much time to comply. Only small startups, government entities and Micro, small, and medium enterprises (MSMEs) will likely get extra time for implementation.
Survey findings highlighted that only 36 per cent of organisations have Data Protection Officers (DPOs) based in India, which is a must for 'significant data fiduciaries' under the law. Organisations believe this could impact their ability to manage the consent management framework envisioned in the DPDP Act.
Other challenges identified include inadequate awareness of regulatory guidelines, resource constraints in their compliance journey and organisational resistance to change. These challenges may create obstacles in implementing the necessary changes within the organisation, the study says.
Also Read: DPDP Act 2023: Consent managers crucial in data protection amid transition
Also Read: DPDP Act 2023: Consent managers crucial in data protection amid transition
According to EY, its survey covered various industries and a rich tapestry of professionals occupying various roles. It canvassed 105 professionals from a multitude of industries, including professional services, banking and capital markets, media and entertainment, life sciences, consumer packaged goods, insurance, and more. The survey's participants came from diverse roles, such as decision-makers, strategists, compliance officers, and specialists in various domains.
More From This Section
"Compliance with this legislation necessitates establishing a robust technological infrastructure to guarantee data security and accountability. Moreover, organisations must cultivate a proficient workforce capable of comprehending the legal and ethical dimensions of data processing and adeptly managing data breaches," says Lalit Kalra, Cybersecurity Consulting Partner, EY India.
The report also shows that around 61 per cent of customers expressed discomfort with firms utilising their personal information for tailoring ads and promotions. However, around 68 per cent of them trusted businesses that were transparent with their data protection measures.
A significant majority (76 per cent) of respondents expressed that an organisation's commitment to data privacy and transparency would indeed influence their buying preferences. This indicates an increasing awareness among consumers regarding data privacy matters and a readiness to support companies that make privacy a priority.