Express Computer
Home  »  Guest Blogs  »  How organisations can stay compliant with the latest data privacy regulations in India

How organisations can stay compliant with the latest data privacy regulations in India

0 160

By Akshat Gairola, Partner, Cybersecurity, BDO India

Digital Personal Data Protection Bill, 2023 (DPDP Bill) was introduced in the Lok Sabha on 3 August 2023, passed in the Lok Sabha on 7 August 2023, followed by the Rajya Sabha on 9 August 2023. The much-awaited bill applies to any organisation offering goods and services in India.

To assuage doubts or concerns regarding this bill, stakeholders and leaders would need to drive a change of mindset within their teams. They should effectively communicate the intent of the bill, which is not to complicate business operations but to ensure that Data Principal Identifiable Information is collected with consent and used for its intended purpose. This awareness is crucial as the success of any data privacy framework hinges on teams following it diligently.

It is important for organisations to conduct a gap assessment against the DPDP Bill to understand the maturity of their practices vis-à-vis the bill’s provisions. After analysing and discussing the outcome of the report, the relevant stakeholders and business leaders can define a roadmap in terms of designing and implementing the framework. It should be noted that educating the teams with their responsibilities is a pivotal, yet challenging, task. Organisations should know principally where all the data is stored and what departments it passes through, and develop a structured approach where data flow diagrams are created and updated annually or whenever a major change occurs.

If an organisation falls under significant data fiduciary, it is mandated to have a Data Protection Officer and conduct a Data Privacy Impact Assessment. Organisations must ensure that they have adequate security to protect data from breaches. However, in the event of a breach, an effective data breach management procedure is crucial to contain and report to the Data Protection Board and Data Principal. While there is no mandate on whether the framework should be managed manually or through technical solutions, leveraging technology is advisable for better assurance around the implementation and sustenance of the framework. Effective consent management is also one of the key elements of the bill. It is crucial for data fiduciaries to conduct a thorough review of existing contracts with data processors, particularly those organisations leveraged for processing principal data.

Additionally, it’s important to note that there are exemptions concerning data processing. One such exemption is related to the security of the state. Another exemption is applicable when data processing is deemed necessary for research, archiving or statistical purposes, providedthat the personal data is not used to make any decision specific to a data principal and such processing is carried on in accordance with the act/bill.

The awaited formation of a Data Protection Board is on the horizon. However, it is recommended that organisations need not wait for the board’s constitution to embark on their compliance journey. The board, when constituted, may have powers to audit organisations to assess their data privacy framework alignment with the DPDP Bill. Otherwise, if a Data Principal raises a complaint for a date after the bill’s enactment, the board should be well within its right to assess an organisation’s framework. To reiterate, it is essential that stakeholders and business leaders mandate their teams to follow the laid-out framework. Success for organisations in achieving this will significantly benefit Data Principals, leading to a societal win.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image