India May Postpone Enforcement of New Data Protection Law

Small Businesses, Hospitals May Get More Time to Comply With Legislation
Indian Minister of State Rajeev Chandrasekhar addresses the media during a press conference. (Source: Shutterstock)

Indian government officials say they may delay enforcement of the new Digital Personal Data Protection Act to give small businesses and healthcare organizations more time to comply with the new regulations.

Minister of State for Electronics and IT Rajeev Chandrasekhar said a decision on the deadline will come sometime after the government sets compliance rules and appoints a Data Protection Board in the next 30 days.

The board will first investigate data protection failures and consider the impact of the regulations on behalf of micro-, small and medium-sized enterprises and hospitals that are not ready to comply.

"The goal is to create a culture of trust - a behavioral change among all who deal with personal data - and create the change required to make them do it responsibly and in alignment with the trust that the data principal has agreed to," Chandrasekhar said. "This is a deterrent act. It is supposed to create good behavior."

India's first-of-its-kind data privacy law, enacted in August, provides for a fine of up to $30 million for privacy violations. It also eases data localization requirements, restricting localization to payment data and allowing the free flow of personal data between certain regions.

The act also gives the independent Data Protection Board the power to adjudicate privacy disputes. Individuals can appeal the board's decision to the Telecom Disputes Settlement and Appellate Tribunal and ultimately the Supreme Court of India.

Chandrasekhar said businesses and institutions must give valid reasons for an extension on compliance.

"Companies that already follow similar rules like that of the GDPR shouldn't ask for a very long time to follow these new rules. We are now in the phase of implementing these rules, and it should happen smoothly and quickly," he added.

To support the effort, the Ministry of Electronics and Information Technology is spending $85 million on a nationwide information security education and awareness program aimed at schools, colleges, and public and private sector organizations.

About the Author

Jayant Chakravarti

Senior Editor, APAC

Chakravarti covers cybersecurity developments in the Asia-Pacific region. He has been writing about technology since 2014, including for Ziff Davis.
