NewDelhi: New Digital Personal Data Protection (DPDP) Rules have been recently unveiled by the Indian government to curb data theft in the country by keeping a close watch over social media platforms and telecom companies. These regulations, with a heavy effect on both startups as well as tech giants, impose stringent rules on handling the data and cross-border data transfer rules.
Companies would be required to seek permission from a designated committee before they can share Indian data anywhere. Voice call information and streaming information will come under more scrutiny, with telecom companies now designated Service Data Flow (SDF) entities and expected to demonstrate the appropriate data management controls.
If personal data breaches occur, the regulations oblige organisations to immediately disclose them to affected individuals. For the tampering with user data, social media platforms and financial institutions will be held accountable.
That could mean the necessity for local servers to be created for some of these big tech and social media companies to store certain data here within India. This localisation requirement would drastically increase compliance costs, especially in the case of startups.
It is also notable that all data collection permissions will now require the use of digital tokens. The data protection board then mandates that consent managers are registered with it, having a minimum net worth of 120 million rupees (that is around 15 million dollars or £1.15 million).
Feedback on these rules is being sought by the government through the MyGov portal until 18 February 2025. They followed the approvals of the Digital Personal Data Protection Act in August 2023.
On the increase are businesses across the spectrum preparing themselves for larger operational changes as well as data management practices while India moves closer to a more robust data protection framework.
Comments are closed.