The Centre has asked organisations, including industry and public bodies, to not wait for the rules of the Digital Personal Data Protection Act to be notified to adapt their systems and build capacities in keeping with the new law, sources have told Moneycontrol.
The message was conveyed during a meeting with stakeholders on October 14. Senior officials of Ministry of Electronics and Information Technology (MeitY), National Informatics Centre, members of the industry, civil society and lawyers were among those who attended the meeting.
The government did not commit to a timeline on the release of the rules of the DPDP Act for consultation, sources said. "The myth was busted that please don’t wait (for the rules to be released). Officials said that the rules are not going to add any incremental value or clarity,” one the participants in the meeting told Moneycontrol.
Another source said, "Officials said that rules will not override the Act. There will be nothing miraculous in it, and hence it was prudent for organisations to start building their capacities in accordance with the Act."
The DPDP Bill was passed by Parliament nearly a year ago but India's first data privacy law, which brings safeguards to prevent personal data breaches, has still not yet been implemented as many provisions require additional rules.
Also read: Educational, health institutions may be exempted from restrictions on children’s data processing
From MeitY, the meeting was attended by UIDAI CEO and additional secretary Amit Agarwal, additional secretary Bhuvnesh Kumar, cyber laws group coordinator Deepak Goel and others.
Another takeaway of the meeting was that the government, through the rules, doesn’t intend to micromanage compliance efforts, sources said. Instead, a principles-based approach will prevail, meaning organisations must demonstrate proactive transparency in their data handling practices.
Officials also shed light on how data fiduciaries and data processors would be held accountable for data breaches.
“The obligations are largely placed on the data fiduciary. So officials said that even if you have a processor, the obligations will still fall on the fiduciary to ensure that security measures are in place,” another of person who attended the meeting said.
Also read: Verify parents through govt ID: Draft DPDP Rules on avoiding self verification by children
Everyone spoke on condition of anonymity.
The dialogue is critical as the DPDP Act marks a significant shift in the data protection regime, placing stringent obligations on data fiduciaries to ensure compliance.
With growing concerns over data breaches and misuse, clarity on how fiduciaries and processors must operate is essential for building trust in digital services.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
