Ministry of Home Affairs Approves Draft Rules for Digital Personal Data Protection Act; Public Consultations to Follow
In a pivotal move for data privacy in India, the Ministry of Home Affairs has approved the draft rules for the long-awaited Digital Personal Data Protection (DPDP) Act. This decision propels India closer to comprehensive data protection, with the Ministry of Electronics and Information Technology (MeitY) now set to initiate public consultations.
The DPDP Act, passed over 16 months ago, had been mired in delays due to pending rule finalization, impeding critical provisions like user consent management and data handling. With the draft rules now cleared, MeitY is preparing for a phased implementation that will allow organizations time to comply.
Key provisions of the new rules include robust mechanisms for user consent, data handling protocols, compliance timelines, and special provisions for minors. Entities failing to adhere to these regulations could face steep penalties, reaching up to ₹250 crore per violation, empowering consumers to request data deletion and manage consent preferences effectively.
Globally inspired, the framework allows an estimated 18-24 month transition period for businesses to align with these newly established standards. An official emphasized the necessity of cohesive integration among stakeholders to ensure smooth adoption.
Once operational, the DPDP Act will significantly impact consumers, enhancing their control over personal data, requiring businesses to disclose data handling processes, and offering the ability to manage data collection timelines.
While concerns about the implementation timeline have been raised by some ministries and private entities, a phased approach aims to address these challenges. Public consultations will be crucial in refining the rules and promoting transparency.
This development is a major milestone for India, setting the stage for robust data protection standards and aligning the nation with global leaders in data privacy legislation.