“The Digital Personal Data Protection Act arrives when India stands at the threshold of a digital revolution. In a burgeoning internet economy, data fuels interactions between businesses and individuals. Consequently, a robust governance framework becomes imperative, and this Act aptly fulfills that role. Upholding digital privacy and safeguarding personal data are its primary goals, with a focus on preserving citizens' digital footprint and shielding them from unjust practices. Furthermore, the establishment of the Data Protection Board (DPB) enhances the government's ability to pinpoint violations, take corrective measures against unethical conduct, and guarantee the integrity of citizen data and privacy,” said Rajesh Garg, Sr. EVP, Chief Digital Officer, Head of Applications, Cybersecurity & CISO Function, Yotta.
“The Act also empowers individuals with greater command over their data, digital interactions, and the utilisation of data generated in these interactions. A nationwide sensitisation campaign post-implementation is vital, enlightening individuals about their rights and the legal framework safeguarding them. Given the growing digital presence and online engagement of individuals, personal data is increasingly vulnerable to misuse. The Digital Personal Data Protection Act holds data custodians accountable for its security, ensuring ethical and equitable use of citizens' data. In its entirety, the Act reinforces the foundation for India's forthcoming data-driven digital transformation journey,” concluded by Rajesh Garg, Yotta.
Challenges for Organizations in Complying with New Law
“As we transition into the implementation phases of the Digital Personal Data Protection Act, there lies an array of tasks. Firstly, adapting to a principle-based framework demands customised strategies, requiring careful alignment with evolving standards. Secondly, integrating "appropriate technical and organisational measures" and "reasonable security safeguards" necessitates resource-intensive adjustments to existing systems. Thirdly, balancing extended Data Principal rights with intricate consent dynamics can be operationally complex. Fourthly, compliance as Significant Data Fiduciaries (SDFs) necessitates appointing Data Protection Officers, conducting audits, and Impact Assessments, potentially straining resources. Lastly, navigating penalties for non-compliance underscores the urgency for stringent internal audits and proactive alignment with the evolving rules. While these challenges arise, a proactive approach to tailor processes, leverage potential, and foster privacy awareness can position companies at the forefront of responsible data stewardship in the digital era,” added Rajesh Garg, Yotta.