Data privacy rules in limbo, tech industry on edge
₹250 crore on entities failing to prevent data breaches or misuse of the personal data of individuals. The Act was notified last year but rules under the law are yet to be finalised. Read this | Mint Explainer: Concerns around Digital Personal Data Protection law Another executive emphasized the importance of releasing the DPDP rules to avoid regulatory ambiguity.
“Tech firms catering to global markets already comply with Europe’s General Data Protection Regulation (GDPR). For India to attract investments, a clear legislative structure is needed at the earliest. The lack of it may impact smaller firms more than larger ones," he noted.
A senior official with the Ministry of Electronics and Information Technology assured that the rules would be published “very soon—within the coming weeks." The impending rules are expected to outline specific compliance requirements, timelines, and penalties for non-compliance. However, the delay in their publication has forced companies to adopt a wait-and-watch approach, hindering their ability to fully implement data protection measures. “The final draft will be published for public consultation, followed by any necessary alterations.
Once finalized, there will be clearly defined compliance periods for companies," the government official explained. More here | Data privacy rules to be issued for consultation shortly: Rajeev Chandrasekhar Consequently, most stakeholders, including the three executives cited above, expect the on-ground impact of the DPDP Act, 2023, to manifest only from 2026. The delay has caused issues within tech firms in India.
Read more on livemint.com
