Your go-to hub for Expert Insights,
Publications, and Resources on
data privacy and compliance

The wait is finally over! The Ministry of Electronics and Information Technology (MeitY) has released the much-anticipated draft rules for the Digital Personal Data Protection Act (DPDP Act), a landmark legislation passed in August 2023. This move marks a crucial step towards establishing a robust data protection framework in India.

Key Highlights of the Draft Rules:

• Children's Data Protection: The draft rules emphasize stringent measures for processing children's data. Data fiduciaries must now obtain verifiable consent from parents using government-issued IDs or digital tokens linked to identity services like DigiLocker. While this is a crucial step, the rules also propose exemptions for educational institutions and child welfare organizations, which require careful consideration.
• Consent Manager Framework: The draft rules introduce a framework for consent managers, requiring them to register with the Data Protection Board and maintain a minimum net worth of Rs 2 crore. This provision aims to ensure responsible and transparent data handling through intermediaries.
• Establishment of the Data Protection Board: The draft rules outline the establishment of the Data Protection Board, a crucial regulatory body. The Board will function as a digital office, enabling remote hearings and empowering it with the authority to investigate breaches, enforce penalties, and ensure compliance with the DPDP Act.

What This Means for Businesses:

The release of these draft rules has significant implications for businesses operating in India:

• Compliance is Key: Businesses must now carefully review the draft rules and assess their current data handling practices to ensure compliance.
• Focus on Children's Data: Companies handling children's data must prioritize robust consent mechanisms and implement strong security measures to safeguard sensitive information.
• Importance of Consent Managers: Businesses may need to engage with registered consent managers to ensure compliance with the new regulations.
• Preparing for Board Oversight: The establishment of the Data Protection Board will increase scrutiny over data handling practices. Businesses must be prepared for potential investigations and enforcement actions.

Next Steps:

The public consultation on the draft rules is open until February 18, 2025. This provides stakeholders with a valuable opportunity to provide feedback and influence the final shape of the DPDP Act's implementation.

DPDP Consultants: Your Trusted Partner in Compliance

Navigating the complexities of the DPDP Act can be challenging. At DPDP Consultants, we offer expert guidance and support to help businesses achieve and maintain compliance. Our services include:

• DPDP Act Gap Analysis: Assessing your current data handling practices against the requirements of the DPDP Act.
• Data Privacy Audits: Conducting thorough audits to identify and address potential risks and vulnerabilities.
• Policy Development: Assisting in the development and implementation of comprehensive data privacy policies and procedures.
• Training and Awareness: Providing training programs to educate employees about data privacy best practices.

Looking for expert advice from top consultants?

Whether you need guidance on legal compliance consulting or tool-based technical solutions, DPDP Consultants can help you with the best professional services in the industry. Get tailored insights and practical solutions to help you succeed.

For News updates, expert insights, and practical tips on DPDP compliance and personal data security please subscribe to our newsletter Privacy Talks.