MeitY asks stakeholders to not wait for rules but build capabilities on data protection Act

The Centre has directed every organisation, including industry and public bodies, to not wait for the rules of the Digital Personal Data Protection Act to be notified to adapt their systems and build capacities in keeping with the new law. The message was conveyed during a meeting with stakeholders where senior officials of MeitY, National Informatics Centre, members of the industry, civil society and lawyers were present.

According to sources, the government did not commit to a timeline on the release of the rules of the DPDP Act for consultation.

"The myth was busted that please don’t wait (for the rules to be released). Officials said that the rules are not going to add any incremental value or clarity,” one the participants who was present at the meeting.

Another source said, "Officials said that rules will not override the Act. There will be nothing miraculous in it, and hence it was prudent for organisations to start building their capacities in accordance with the Act."

The DPDP Bill was passed by Parliament nearly a year ago which happens to be India's first data privacy law and will bring safeguards to prevent personal data breaches. However, the law has still not yet been implemented as many provisions require additional rules.

Another takeaway of the meeting was that the government, through the rules, doesn’t intend to micromanage compliance efforts. Instead, a principles-based approach will prevail, meaning organisations must demonstrate proactive transparency in their data handling practices.