Companies must work hard to ensure data protection
On Monday, the Lok Sabha voted to pass the new Digital Personal Data Protection Bill. Union minister Ashwini Vaishnaw had promised, when he withdrew the previous draft of the data protection law, that we would have a new law in force before the conclusion of India’s Monsoon Session of Parliament. Monday’s vote was the first step in that direction.
While commentators have been falling over themselves to dissect various provisions of the draft law—and, in particular, the new changes it has introduced—I don’t think anyone has appreciated fully the extent to which businesses across the length and breadth of this country need to re-orient themselves to the new and fairly rigorous compliance regime that is about to come into force. This is a law that will apply to all businesses that process digital personal data in the country. Given how deeply data technologies have ingrained themselves in all facets of modern life, virtually every organization in India will be affected.
All of them will have to revisit their data practices, study their workflows and review their standard operating procedures to make sure they align with the requirements of the new law. Take the marketing function, for example. Most sales teams today acquire new customers by making cold calls to potential leads in an attempt to convert them into clients.
They source these leads from data brokers who aggregate these databases through dubious means—often without valid consent. Once the new law comes into force, nobody will be able to process personal information without the consent of those to whom it pertains. This means that, going forward, sales agents will be in violation of the law if they cannot demonstrate that the people they are calling have consented
. Read more on livemint.com
