India's New DPDP Rules: A Paradigm Shift in Data Protection
India's new DPDP rules establish a comprehensive framework to enhance data protection, focusing on consent standards, data security, and user rights. These rules demand clearer consent notices, stringent security measures, and a structured approach for handling personal data breaches. Organizations face significant compliance obligations with potential steep penalties for violations.
- Country:
- India
India is set to revolutionize data protection with its newly implemented DPDP rules, aiming to empower individuals with better control over their data. These rules mandate clear consent processes, requiring companies to provide detailed notices, ensuring that consent withdrawal is as easy as it is to give.
Under this framework, entities, known as data fiduciaries, must adhere to stringent security protocols, including encryption and comprehensive data breach notifications. The guidelines also emphasize the role of consent managers, who oversee the management of data consent across platforms, ensuring individuals' data rights are safeguarded.
Notably, the rules impose penalties of up to Rs 200 crore for non-compliance, reflecting the seriousness of data protection enforcement. Significant data fiduciaries are required to conduct regular audits and assessments, aligning with globally recognized practices while addressing India-specific requirements for data localization and protection.
(With inputs from agencies.)
Google News