After decades of deliberations, India took the step towards strengthening data protection in the digital space in 2024. This move was put in motion in August 2023 with the introduction of the Digital Personal Data Protection Act.
India’s Data Protection Act
Here are the salient points that you need to know about the Act:
Consent from data owners
The law mandates that entities interacting with data in a processing capacity must obtain consent from the individuals whose data is being processed. This is based on the importance of transparency and accountability in handling personal data.
The coverage of the law
The Act extends its coverage to include several forms of personal digital data. This includes data that originates digitally as well as non-digital data that undergoes digitalisation. It’s worthwhile noting that certain exemptions exist within the law’s cover, such as data processed by individuals for personal or domestic purposes as well as publicly available information.
The law’s implementation
There is no definitive commencement date for the law but it is expected to come into effect later in 2024. The full implementation hinges on the establishment of the Data Protection Board of India and when the enforcement mechanisms can be formed.
What Companies Can Do in the Meantime
In anticipation of the Act’s enforcement, companies are advised to identify potential implications and develop compliance mechanisms accordingly. Proactive measures taken now can help ensure alignment with the forthcoming regulations and mitigate any risks associated with non-compliance.
To receive information and/or assistance with legal matters and compliance law, please contact us.
Share on socials