Tech giants such as Meta and Google may have a shorter timeframe to comply with the rules
On the other hand, startups, micro, small, and medium enterprises (MSMEs), central government departments, and state governments may be granted more extended periods for compliance
During the ongoing discussions, startups and MSMEs have asked for additional time to prepare for the required changes mandated by the DPDP Law
Inc42 Daily Brief
Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy
The government is charting a phased timeline for the enforcement of rules under the new Digital Personal Data Protection Law.
While major tech companies like Meta and Google will have shorter compliance timelines, startups, micro, small, and medium enterprises (MSMEs), along with central and state government departments, are expected to receive extended deadlines, according to a report by ET.
Currently, the government is in talks with an array of stakeholders, including consumer groups and government agencies, to finalise the rules for implementing the DPDP Law. The next stage will involve discussions with leading tech firms and startups to ensure seamless compliance transitions.
During the ongoing discussions, startups and MSMEs have asked for additional time to prepare for the required changes mandated by the DPDP Law. The official, as quoted in the report, said that the graded timelines for implementation will be the initial focus for notification under the new law, as they will establish the framework for notifying other rules.
“Once we are clear that we have a time of say six months for the implementation of DPDP Law for big tech companies, we can start working on other aspects such as the setting up of the Data Protection Board, the members for it, or what other rules should be,” the official said.
The government has already drafted nearly 21 rules aligned with the DPDP Law and will soon begin consultations with relevant stakeholders. These rules, accompanied by operational guidelines, will be officially announced by the government once finalized.
After receiving approval from both the Lok Sabha and Rajya Sabha in August, the Digital Personal Data Protection (DPDP) Bill of 2023 has now become a law following President Droupadi Murmu’s assent.
The DPDP Act of 2023 governs the handling and processing of digital personal data within India, regardless of whether the data was initially collected offline and later digitised.
The law also applies to data processing activities outside India if they relate to offering goods or services to residents in India. It defines key terms, including ‘personal data’ and ‘processing.’ Under the DPDP Act, ‘personal data’ refers to any information that could identify an individual either directly or in relation to the data.
Minister of State for Electronics and IT, Rajeev Chandrasekhar, stated last month that the government will soon announce the appointment guidelines for the chairperson and members of the Data Protection Board, which will be responsible for monitoring compliance with the new law.
Note: We at Inc42 take our ethics very seriously. More information about it can be found here.