Data protection board, relevant rules likely in a month
start-ups. However, big tech or companies like Google, Meta, Apple and others that would already be complying with global data protection or privacy laws such as the GDPR, would be expected to comply at the earliest. “They would have to make a strong case why they need more time for transition.
Companies that were aligned with GDPR should not take time, but wherever there are requirements that go beyond GDPR, so to speak, they should specify the time needed for transition. Non-digital companies will be given longer time period. Where there is a need for architectural enhancement (reference to right to erasure or verifiable parental consent for processing data of children) and more time is needed, we will look into it," the minister said.
On being asked whether the ministry would look at tiers of six months to a year, Chandrasekhar said that while the government wants to ensure that there would be zero disruption, it won’t give extended deadlines for compliance with the rules. “Age gating, parental consent requires an EKYC framework to be in place, so that till take longer transition period. Not more than 12 months (will be given)," he said.
During the consultation, which lasted for over an hour, the minister declined to give an exemption to financial or lending services providers that are regulated by the financial services regulator, stating that the Act provides for regulation by two bodies. While the DPDPA has been in force since 11 August, the rules under the law are still to be issued. A senior official in the ministry had earlier said that most of the 25 rules that were needed to enable the Act, were drafted and ready.
Read more on livemint.com
