New DPDP Rules: Navigating Data Protection Timelines and Compliance
The Digital Personal Data Protection (DPDP) Rules impose strict timelines and compliance requirements on companies handling personal data, involving user notifications, data retention, and security measures. The rules iterate annual impact assessments, audits for significant firms, and encompass provisions ensuring rigorous data management and breach reporting protocols.
- Country:
- India
The newly introduced Digital Personal Data Protection (DPDP) Rules are setting definitive timelines and compliance standards for companies handling personal data. These rules specify rigorous procedures for alerting users about data breaches and retaining traffic data and logs for a minimum of one year.
E-commerce platforms, gaming companies, and social media sites are mandated to erase personal data after three years of user inactivity, with few exceptions. Moreover, a 'consent manager' is tasked with maintaining consent records for a minimum of seven years, as stipulated by the rules.
The DPDP Rules demand companies adopt solid security measures for safeguarding data, performing annual impact assessments, and obligating immediate reporting of breaches to both users and the Data Protection Board, ensuring efficient data management processes and timely compliance with the stipulations.
(With inputs from agencies.)
ALSO READ
Indore traffic cop 'dances' his way down to constable's post for social media 'indiscipline'
Modi ally proposes social media ban for India's teens as global debate grows
SRCC rejects 'caste discrimination' claims made on social media, money exchange between students
Karnataka: Two arrested over hate-inducing social media posts
Delhi riots case: Court grants interim bail to Khalid Saifi, bars him from using social media
Google News