Data Protection Board (DPB) under the Digital Personal Data Protection (DPDP) Act, 2023, will be in place in the next 30 days, minister of state for electronics and IT, Rajeev Chandrasekhar said here on Wednesday.
«This window between now and the DPB’s constitution is not a holiday… The law is in effect (already),» Chandrasekhar said at an industry consultation on the Rules for the DPDP Act, which became a law in August. He added that breaches that come up during the intervening period will be taken up by the Board once it is constituted.
Under the DPDP Act, a DPB consisting of a chairperson and members appointed by the central government, will be set up. On receipt of an intimation of personal data breach, the DPB can direct any urgent remedial or mitigation measures, and inquire into such breach, and impose penalty as provided in this Act.
However, not all rules will be notified at get-go, he clarified. «There’s no logic or incentive for the government to delay the giving of these rights or enforcement of the rights for our citizens. So therefore, it will be an exception that we give any long transition period, or a transition period at all,» the minister said.
But all the relevant Rules will be out in the next 30 days, Chandrasekhar announced. Explaining the three categories that may be considered for a longer implementation timeline, he said that government entities, say at panchayat level, which are low on