Entities may have around a year to adapt their systems to comply with the norms of the Digital Personal Data Protection Act, 2023, Minister of State for Electronics and IT Rajeev Chandrasekhar said on Wednesday. The guidelines for the Data Protection Commission and eight rules, including consent management, will be in place within a month, Chandrasekhar told reporters during consultations with industry.
“The industry wants more time for age restrictions, with different transition timelines for different data fiduciaries. We expect the transition of most rules other than age restrictions to take place within 12 months from now,” said the minister.
About 125 people representing various companies participated in the consultation, including Meta, Lenovo, Dell and Netflix.
Six years after the Supreme Court declared the ‘right to privacy’ a fundamental right, the Digital Personal Data Protection Act, 2023, has provisions to curb misuse of personal data by online platforms.
The bill aims to protect the privacy of Indian citizens and also proposes to impose fines of up to Rs 250 crore on entities that misuse or fail to protect personal digital data.
The law stipulates that data collected by citizens should be used in accordance with the law, can only be used for the purpose of collection, and the amount of data should be limited to the required range.
In case of any grievance, an individual may approach the Data Protection Commission which will handle the complaint in accordance with the norms of the Act.
“We will start formulating most of the compliance rules in the next 5-6 days. Most of the rules will be formulated within 30 days. The data protection committee will also be formulated within 30 days,” Chandrasekhar said.
Svlook
