Digital Personal Data Protection Law, a senior government official said.
Under the graded plan, while bigger companies such as Meta, Google and others may be given a shorter time for the implementation of the rules, the time for other entities including startups, micro, small, and medium enterprises(MSMEs), central government departments and state governments may be more, the official said.
“The transition period will have to be notified first that the rules will be effective from that day. That conversation is still ongoing. We have had a broad conversation with consumer groups, state, and central governments. Now we have to have a conversation with the big tech companies and startups,” the official said.
In the conversations so far, startups and MSMEs have sought more time as they are not equipped right now to handle the changes needed to be implemented under the DPDP Law, the official said, adding that the graded timelines will be the first thing to be notified under the new law as it will set the tone for the notification of other rules.
“Once we are clear that we have a time of say 6 months for the implementation of DPDP Law for big tech companies, we can start working on other aspects such as the setting up of the Data Protection Board, the members for it, or what other rules should be,” the official said.
The government has