Data Privacy Trends in India: 2023 will be a gamechanger for businesses
25 Jul 2023, By Theja Ram - Content Director & Senior Manager Servicing
India is witnessing a massive shift in data protection efforts. Businesses have long gotten used to following the Security Practices and Procedures and Sensitive Personal Data or Information 2011 and the Information Technology Act 2008. But in November this year, everything changed with the draft Digital Personal Data Protection Bill (DPDPB) being released for public consideration. In 2023, the legislation is most likely going to be enacted, challenging many businesses with the process of keeping up with the new law.
In 2023, businesses will have to overhaul many legacy processes to make way for new ones in order to comply with the data privacy legislation. This requires new infrastructure and technology capable of tackling these complexities or companies will be paying hefty fines. In the year ahead, we will see many businesses in India prioritize data protection efforts. For companies wondering where to start, a good place would be to identify the trends in the market. Here are data privacy trends that will change the way businesses operate in 2023.
Keeping up with consent
The new DPDPB defines how data must be collected and how or when it must be deleted. The bill also lays down rules for ensuring consent is obtained in “clear and simple language”. Besides, individuals who consent to sharing their personal data with businesses are given the right to withdraw this consent at any time they choose. In 2023, businesses will have to be very mindful of the data they collect and what they use it for. The bill also defines consent for minors and this is new for businesses, which will require them to come up with new processes that are in line with the new regulations. Besides, the bill requires businesses to adopt a consent management software to handle such issues. This will require businesses to put a lot of thought into identifying solutions that would best suit their needs.
Transparency, a key driver
The DPDPB levies hefty fines on organizations for noncompliance. This will be a primary motivator for businesses to invest in data protection programs in 2023. But one thing is crucial. Businesses will need to build data privacy programs that are transparent or risk lawsuits. This is because the DPDPB gives individuals the right to grievance redressal before the Data Protection Board. When businesses get pulled up for non compliance, it opens them up to liability. The best solution would be to adopt a transparent program that complies with norms.
What data to retain and what to delete?
The new bill makes provisions to levy a fine of Rs 250 crore for failure of businesses to to take reasonable security safeguards to prevent personal data breach. One of the best ways to ensure data is protected is to delete unwanted data as cyber criminals can’t breach what’s not there. Organizations in India will need to focus on getting rid of unwanted data and to do this, they need to get rid of silos. Companies need to maintain data hygiene or know what data resides where. This will be a critical driver for businesses in 2023 as data privacy becomes necessary for business continuity. A great way to maintain data hygiene is through data inventory and data discovery be it, on prem or the cloud or numerous end points. Without data hygiene, it would be difficult to comply with the new laws.
Tackling privacy impact assessment and cross border data transfers
With the new bill expected to be enacted in 2023, businesses in the country will begin the process of conducting privacy impact assessment (PIA) or the cost of non-compliance. To do this, businesses will need a clear picture of record of processing activities (ROPA) to identify the purpose of collecting the data and knowing whether the data is being collected for the right reasons. For companies with a global presence, complying with the new law becomes difficult especially if processes are manual. Businesses need the right solutions to determine whether data is being used for the intended purpose and whether data transfers are in compliance with existing laws.
Third-parties and risk
As businesses and their vendors are equally responsible for complying with the new law when it is enacted, data protection would also come with the added risk from third parties. Businesses need to know what data they are sharing with vendors, whether vendors are legally compliant, to avoid the risk of penalties. Without technology, keeping up with all vendors and their data privacy practices is an arduous task. With the right solutions, companies can monitor vendor risk and ensure third parties are following the norms
The new data protection regime will change the way businesses in India function drastically. In 2023, we will see a lot of Indian businesses begin their journey to establishing data hygiene and adopting comprehensive privacy programs. Navigating this period of change requires technology that will make the journey seamless. It’s perhaps why many businesses in India will turn to data privacy software that can solve all their issues in one go.
At Star Squared PR, we specialize in reputation and brand building for businesses across sectors by identifying issues that correlate with current affairs and the media’s interest. If you’re looking to create a prominent online presence for your brand amidst the chaotic clutter, we’d be happy to help you stay relevant, build and maintain the brand image you deserve.