IGI Logo

Below the Inputs on rules of Digital Personal Data Protection Act by Vikas Bansal, Partner, IT Risk Advisory and Assurance, BDO India

"The DPDP Act, with its forthcoming rules, represents a fundamental and permanent shift in the business landscape. It requires a completely new approach to data, one where "Data Principals" (your customers) are empowered with unprecedented rights, and "Data Fiduciaries" (your organisation) are subject to new responsibilities. The financial penalties for non-compliance are severe, with fines of up to Rs.250 crore. In a move that links data protection with the future of technology, the Minister also announced that a national AI governance framework will be released by the same date.

This is a real and present concern. With these rules expected shortly, organisations must adopt a structured compliance framework. Data mapping and creating ROPA style inventories become critical to track all the data processing activities. Drafting and updating privacy policies, retention schedules, data principal rights, and breach notifications is now mandatory. 

It is no longer a matter of if you will be compliant, but when. The businesses that will not only survive but thrive are those that take this news seriously, act with urgency, and embed data protection as a core principle of their operations."

Above views are of the author and not of the website kindly read disclaimer