Data Protection Board, Major Rules in a Month, says IT MoS – The Economic Times

https://economictimes.indiatimes.com/epaper/delhicapital/2023/sep/21/et-comp/data-protection-board-major-rules-in-a-month-says-it-mos/articleshow/103819746.cms?utm_source=newsletter&utm_medium=email&utm_campaign=ETepaper_paid&utm_content=disruption-startups-tech&ncode=75d64f4897e8e8ac52cb55467461f7a63c51ccf2c2e8b7502f8bb50efea8914770182bbe663b16a660327ded5e1fa0abb2f39284eaabdd1c587111f0bdd0ca995d173817df59722dad893c74a1696902

Clipped from: https://economictimes.indiatimes.com/epaper/delhicapital/2023/sep/21/et-comp/data-protection-board-major-rules-in-a-month-says-it-mos/articleshow/103819746.cms?utm_source=newsletter&utm_medium=email&utm_campaign=ETepaper_paid&utm_content=disruption-startups-tech&ncode=75d64f4897e8e8ac52cb55467461f7a63c51ccf2c2e8b7502f8bb50efea8914770182bbe663b16a660327ded5e1fa0abb2f39284eaabdd1c587111f0bdd0ca995d173817df59722dad893c74a1696902

Synopsis

The Data Protection Board (DPB) under the Digital Personal Data Protection (DPDP) Act will be in place in the next 30 days, minister of state for electronics and IT Rajeev Chandrasekhar said here on Wednesday.

The Data Protection Board (DPB) under the Digital Personal Data Protection (DPDP) Act will be in place in the next 30 days, minister of state for electronics and IT Rajeev Chandrasekhar said here on Wednesday.

“This window between now and the DPB’s constitution is not a holiday … The law is in effect (already),” Chandrasekhar said, adding that breaches that come up during the intervening period will be taken up by the board once it is constituted.

The government on Wednesday held an industry consultation on the rules for the DPDP Act, which became effective in August. The meeting in the national capital was attended by representatives of several large tech firms such as Meta and Snap, and industry bodies like Nasscom.

Under the DPDP Act, a DPB consisting of a chairperson and members appointed by the central government will be set up. On receipt of an intimation of personal data breach, the DPB can direct any urgent remedial or mitigation measures, and inquire into such breach, and impose penalty as provided in this Act. “There’s no logic or incentive for the government to delay the giving of these rights or enforcement of the rights for our citizens. So, therefore, it will be an exception that we give any long transition period, or a transition period at all,” the minister said.

While speaking to reporters on the sidelines, Chandrasekhar said the government expects transition for most of the provisions of the Act (except age-gating) within 12 months.

While not all rules will be notified at the get-go, the minister said all the relevant ones will be out in the next 30 days.

The government was ready with a broad draft of the 21 rules under the DPDP Act, a government official had previously said.

Eight rules will be put in place by the government, including one on consent management, Chandrasekhar told reporters. Explaining the three categories that may be considered for a longer implementation timeline, he said government entities, say at panchayat level, which are low on the totem pole of digitisation may be exempted.

Micro, small, and medium enterprises, and places important for public services like hospitals which are not sophisticated digitally, may also get more time, he said. Early-stage startups may also be exempted from implementing the DPDP Act right away, he said.

“The rest of the world will have to make a strong case on why they deserve or why they require a transition period,” he said.