Union Minister Rajiv Chandrashekhar, responsible for Electronics and IT, has announced the creation of a Data Protection Board within the next month.
This development follows discussions with industry representatives, policy experts, and legal professionals about implementing the Digital Personal Data Protection Act.
Alongside the formation of the board, essential regulations under the DPDP Act will also be issued within a month.
Swift Formation of Data Protection Board
In a significant move after the enactment of the DPDP Act, the Union Minister engaged in discussions with stakeholders under the Digital India Dialogue.
During this session, he emphasized the importance of stakeholder consultation in lawmaking, highlighting Prime Minister Narendra Modi’s commitment to this approach.
The Minister of State for IT also addressed the transition period for data fiduciaries, particularly smaller entities such as startups, MSMEs, and healthcare institutions that handle people’s data.
Providing More Time for Compliance
Smaller entities, like startups and healthcare establishments, may require additional time to comply with the regulations under the law,
as they may lack experience in managing data compared to larger organizations. Therefore, they may request extended periods for learning and adherence.
Setting Reasonable Compliance Timeframes
The Minister stressed the need for a valid rationale in determining the time required for data fiduciaries to comply with the rules.
Over 100 stakeholders, including industry associations, startups, IT professionals, think tanks, and legal experts, actively participated in this dialogue session.
Understanding the Data Protection Act
The Digital Personal Data Protection Act, 2023, comes six years after the Supreme Court recognized the Right to Privacy as a fundamental right.
It aims to prevent the misuse of individuals’ data by online platforms. The act explicitly states that citizens’ data can only be used as legally required.
In case of data misuse, individuals can contact the Data Protection Board to file complaints, and the board will take appropriate action as per the act’s norms.
Penalties for Misuse of Data
The act also outlines penalties for the misuse or inadequate protection of digital data. Companies may face fines of up to ₹250 crore in cases of data breaches or mishandling.
