Data Protection Board To Be Constituted In 30 Days: MoS Rajeev Chandrasekhar

Data Protection Board To Be Constituted In 30 Days: MoS Rajeev Chandrasekhar

SUMMARY

The government will start putting in place rules for compliance in the next few days and most of the rules for the Data Protection Board will be ready in 30 days, Rajeev Chandrasekhar said

MSMEs and early stage startups may be granted exemption and will not come under the purview of the DPDP Act immediately, the minister said

Under the Digital Personal Data Protection Act, the Digital Protection Board will monitor compliance with the Act and impose penalties for violations

The Data Protection Board, to be set up under the new Digital Personal Data Protection (DPDP) Act, 2023, will be in place within 30 days, said Minister of State for Electronics and IT Rajeev Chandrasekhar.

“We will start putting in place most of the rules for compliance in the next 5-6 days. Most of the rules will be placed within 30 days. The Data Protection Board will also be in place in 30 days,” Chandrasekhar said.

Guidelines for the eight rules, including consent management, will be put in place within a month.

The minister was speaking on the sidelines of a consultation held with various stakeholders on Wednesday (September 20) regarding the implementation of the DPDP Act. Industry associations, tech giants and some prominent startups participated in the discussion.

Chandrasekhar said that some government entities like those at panchayat level, micro, small, and medium enterprises (MSMEs), and early stage startups may be granted exemption and will not come under the purview of the DPDP Act immediately.

The ministry may also come up with necessary rules under the Act within this period. While all rules under the data protection code will not be immediately notified, essential ones will be prioritised for initial implementation.

In response to demand from the stakeholders, the ministry expressed willingness to engage in consultations regarding the rules before finalising them by releasing a draft, a source said.

The government, during the consultation, also clarified that the period between notification of the rules and the establishment of the data protection code would not provide immunity from data protection regulations. Complaints received during this transitional phase will be considered retroactively once the code is in place.

The government also hinted at section-based transition periods, as certain sections of the code related to age verification, processing children’s data, and Know Your Customer (KYC) obligations may require more time for compliance.

The government also asked stakeholders to provide insights on identifying data fiduciaries deserving of exemptions, defining the reasons for these exemptions, and explaining them in detail.

“We welcome the government engaging with multi-stakeholders through consultation as we inch towards implementing the Digital Personal Data Protection Act 2023. Indication of establishing a Data Protection Board and notifying some of the necessary rules in the next 30 days is a welcome move, as this would bring certainty in terms of compliance and next steps,” said Kamesh Shekar, Senior Programme Manager- Data Governance & Privacy at think tank The Dialogue, told Inc42.

“Besides, the government’s consideration towards having different transition periods based on the class of fiduciaries and sections is a step in the right direction as it considers the status quo of organisations, technical dependence, economic constraints, etc,” Shekar added.

After several years of waiting, India got its data protection law last month. The DPDP Bill was passed in the Lok Sabha on August 7 and in the Rajya Sabha two days later. On August 11, President Droupadi Murmu finally granted her assent to the Bill to become an Act.

The DPDP Act directs setting up a Data Protection Board of India to ensure its implementation. In case of any personal data breach, the board will be responsible for looking into the matter, inquiring into the breach, and imposing penalties.

The DPDP Act seeks to protect the privacy of Indian citizens. In case of any breach for misusing citizens’ data or failing to protect the digital data of individuals, the Act proposes a penalty of up to INR 250 Cr on entities.

You have reached your limit of free stories
This Diwali, Get Up To 72% Off On Inc42 Plus

Become A Startup Insider With Inc42 Plus

Offer Fading Away This Week
countdownmail.com
2 YEAR PLAN
₹19999
₹6999
₹291/Month
UNLOCK 65% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹3999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

Data Protection Board To Be Constituted In 30 Days: MoS Rajeev Chandrasekhar-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

Data Protection Board To Be Constituted In 30 Days: MoS Rajeev Chandrasekhar-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

Data Protection Board To Be Constituted In 30 Days: MoS Rajeev Chandrasekhar-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

Data Protection Board To Be Constituted In 30 Days: MoS Rajeev Chandrasekhar-Inc42 Media
Data Protection Board To Be Constituted In 30 Days: MoS Rajeev Chandrasekhar-Inc42 Media
You’re in Good company