The Government of India will notify the rules for recently passed Digital Personal Data Protection Act (DPDP Act) and the Data Protection Board will be constituted in the next 30 days, Union Minister for State for Skill Development & Entrepreneurship and Electronics & IT Rajeev Chandrashekhar said.
Speaking at the first Digital India Dialogue discussions with key stakeholders from the industry for the DPDP Act, Chandrashekhar said the primary purpose of this law is to guarantee the trust and safety of all digital nagriks, emphasising that all data fiduciaries must adhere to the law. He further assured that the Government is open to considering valid arguments for extending the compliance period when accompanied by compelling reasons.
Chandrashekhar added that establishments like hospitals and certain businesses like startups and MSMEs that handle people’s data do not have experience in handling data like bigger fiduciaries and hence, might get more time to adhere to these rules.
Talking about the companies who already follow GDPR (European Union’s General Data Protection Regulation), he said that they shouldn’t ask for an extension to implement rules under the DPDP Act. “We are now in the phase of implementing these rules, and it should happen smoothly and quickly. The goal is to create a culture of trust, a behavioural change among all who deal with personal data and create the change required to make them do it responsibly and in alignment with the trust that the data principle has agreed to. This is a deterrent act, it is supposed to create good behaviour,” the Minister added.
The discussion was on the transition time needed for specific clauses of the DPDP Act and to seek specific inputs from stakeholders on the implementation. More than 100 diverse range of stakeholders of the technology ecosystem including industry associations, startups, IT professionals, think tanks and lawyers attended the session.