The Digital Personal Data Protection (DPDP) Act, 2023, establishes a comprehensive framework for data protection in India, empowering the Data Protection Authority (DPA) to hold companies and organizations accountable for non-compliance with data privacy regulations. The DPDP Act outlines a structured approach to identify, investigate, and penalize entities that fail to adhere to data privacy principles.
After receiving approval from both houses of Parliament and obtaining the President’s assent, the Digital Personal Data Protection Bill of 2022 has officially become the Digital Personal Data Protection Act of 2023. This Act is now in effect and governs the processing of digital personal data in India, regardless of whether the data was originally collected in digital or non-digital format and subsequently digitized.
Under the DPDP Act, state agencies may be exempted from its provisions at the government’s discretion. This legislation is designed to bolster data protection and accountability for entities such as internet companies, mobile apps, and businesses that handle citizens’ data.
The DPDP Act’s scope extends beyond the borders of India, encompassing digital personal data processing activities abroad. This extension applies specifically to organizations offering goods or services to individuals in India or engaging in the profiling of Indian citizens. In doing so, the Act fortifies data protection measures not only within India but also concerning Indian citizens’ data handled abroad.
While 90% of organisations that PwC India studied showed users a privacy notice when collecting data, only 9% sought consent that was free, specific and informed. And 43% did not provide a clear reason for which personal data was shared with third-parties. Only 4% of organisations studied have published a mechanism for notifying breaches on their website, the study found.
The report said 90% of the organisations showed users a privacy notice when collecting data through their websites, but since such a notice is the first step for any organisation entering the digital world, the high level of compliance did not indicate the presence of a robust data privacy framework. On the matter of third-party data transfers, 43% of organisations did not provide a clear reason for which personal data was shared with third-party data processors.
Experts feels that, for organisations in India, it is not only an opportunity to streamline their data collection and processing processes but to also build customer confidence and stakeholder trust, and enhance their global competitiveness… Investing now to become compliant will stand organisations in good stead in the future.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
