The draft rules of the Digital Personal Data Protection (DPDP) Act, outlined in a Frequently Asked Questions (FAQ) document released on January 5, clarify that while there is no blanket data localisation requirement, the transfer of personal data outside India may be restricted for certain categories of data.
"The DPDP Act and the draft rules do not mandate that all personal data be stored within India. However, they do provide provisions to restrict the transfer of personal data outside India for certain classes," the FAQ document stated.
The rules propose the establishment of a committee that may recommend restrictions on such data transfers by Significant Data Fiduciaries concerning specified personal data.
On January 3, the IT Ministry released the draft rules for public consultation, with the ministry accepting feedback on the legislation until February 18. The draft rules also grant the Central Government the authority to limit the transfer of personal data to foreign countries, entities, or individuals based on national security, sovereignty, or privacy concerns.
What else do the FAQ sayData Protection Board will have an app: "The Data Protection Board itself will function as a digital office and will be born digital, with a digital platform and app to enable citizens to approach it digitally and to have their complaints adjudicated without their physical presence being required," the FAQ said.
Adequate time for transition: "Further, adequate time will be given to all entities to adapt their systems to meet the requirements of this law. Processing of digital data on the basis of consent given before the coming into force of the new law is permitted and such processing may continue while citizens are given notice regarding the same so that they may exercise their rights under the law," the FAQ document said.Consent to be taken in any of 22 Indian languages: "Digital platforms will have to inform and take consent of people in English or any of the 22 Indian languages listed in the Constitution, in the language of their choice. They will also have to notify their users of the online links using which they may exercise their rights...," it said.
Penalties will be proportionate: "The quantum of penalty would depend upon the nature, gravity, duration, type, repetitiveness, efforts made to prevent breach, etc. Further, Significant Data Fiduciaries have higher obligations under the Act and rules, while a lower compliance burden is envisaged for startups," the FAQ read.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
