Apps and websites will face new challenges and responsibilities upon the enactment of the Digital Personal Data Protection Bill, 2023 as they will likely need to overhaul their data handling procedures and introduce new features.The government has tabled the Digital Personal Data Protection Bill, 2023 in the Lok Sabha. It provides a framework for lawful data collection, processing, and protection of private data. In the event of data breaches, fines of up to Rs 250 crore could be levied. Each platform will be required to obtain clear and informed consent from users for data processing. They must also issue a notice detailing the data processing purpose and the user's rights.Initial compliance pressure is likely to be higher for consumer-facing organisations dealing with personal information, experts predict."Companies dealing with digital personal data might need a platform to manage various privacy activities, to monitor whether consent is properly collected and applied. They might need to provide a copy of their information upon a user's request. With a significant load, automation becomes necessary," said Nader Henein, research vice president, Privacy & Data Protection.The Bill demands that platforms obtain confirmable consent from a parent before processing any personal data from a person below 18 years or in the case of people with disability, from lawful guardians. This, according to Henein, will be a complex task.A user notice prior to data collection must be available in all 22 official languages. This may prompt the introduction of multilingual features in notices and consent forms. Furthermore, erasing a user's personal data if they retract their consent presents a complex challenge for platforms."Platforms will need to consider how they draft the data collection purpose in the consent request. Platforms already processing personal data will now need to establish procedures to gain users' consent within a reasonable timeline," said Aparna Gaur, leader of IP, Technology, Media and Education, Nishith Desai Associates.The Bill also necessitates platforms to disclose any data breaches. Non-compliance could result in penalties up to Rs 200 crore."There's currently no need to notify users in cybersecurity incidents, but the Bill requires platforms to inform users of data breaches. This is not a common practice and will significantly alter conduct," Gaur added.Digital hygiene and process overhaul will be as crucial as developing new in-app compliance features, according to Manish Sehgal, partner, Risk Advisory, Deloitte India."Processes need revision and reconsideration. The platform and automation are just means to enable correct procedures. Companies need to ensure they have the right process to inform users about data collection, subsequent actions, and any third parties involved," Sehgal stated.He also added, "Platform changes are critical, but they need to be supported by correct processes by design, ensuring proper data structures, roles, responsibilities, and understanding of data flows. With these in place, everything can be executed well once the interfaces are built in the platform functionality."Kirti Mahapatra, partner, Shardul Amarchand Mangaldas & Co, stated that many websites and apps are already subject to various Indian laws that mandate certain data governance mechanisms and content regulation."The new law requires these platforms to carry out compliance actions that may demand changes to their consent frameworks, including providing descriptive notices, even for legacy data, and alignment of their existing data management practices to comply with obligations of a data fiduciary and effect data principals' rights," said Mahapatra.