New DPDP Rules: Navigating Data Protection Timelines and Compliance

The Digital Personal Data Protection (DPDP) Rules impose strict timelines and compliance requirements on companies handling personal data, covering user notifications, data retention, and security measures. The rules call for annual impact assessments and audits for significant firms, and include provisions for rigorous data management and breach reporting protocols.


Devdiscourse News Desk | New Delhi | Updated: 15-11-2025 01:21 IST | Created: 15-11-2025 01:21 IST
Country: India

The newly introduced Digital Personal Data Protection (DPDP) Rules are setting definitive timelines and compliance standards for companies handling personal data. These rules specify rigorous procedures for alerting users about data breaches and retaining traffic data and logs for a minimum of one year.

E-commerce platforms, gaming companies, and social media sites are mandated to erase personal data after three years of user inactivity, with few exceptions. Moreover, a 'consent manager' is tasked with maintaining consent records for a minimum of seven years, as stipulated by the rules.

The DPDP Rules require companies to adopt solid security measures for safeguarding data, perform annual impact assessments, and immediately report breaches to both users and the Data Protection Board, ensuring efficient data management processes and timely compliance with the stipulations.

(With inputs from agencies.)
