Digital Personal Data Protection law reaches final act

India's Digital Personal Data Protection (DPDP) Act is on the brink of implementation as the Ministry of Electronics and Information Technology (MeitY) prepares to release draft rules for public consultation. This significant development comes after the completion of inter-ministerial consultations, with the crucial approval from the Home Ministry received on Tuesday, December 31st. The DPDP Act, which was passed over 16 months ago, has remained inoperative pending the finalisation of its rules, leaving key provisions aimed at ensuring data privacy, enforcing data minimisation, and imposing penalties for violations unrealised.

With the draft rules now cleared, businesses can anticipate significant changes in data handling practices. The final rules will address critical components of the DPDP Act, including user consent mechanisms, data handling procedures, and compliance timelines. Companies are expected to have a transition period of 18 to 24 months to adapt to the new regulatory framework, aligning with global practices that typically allow 12 to 30 months for similar overhauls.

Once implemented, the Act will empower consumers with greater control over their data. Companies handling user data will be required to disclose the information they possess, enable users to request data deletion or specify usage preferences, and provide details on the purpose of data collection, permissible uses, and deletion timelines.

MeitY is set to release the draft rules for public consultation, followed by their eventual notification and phased implementation. The government also plans to establish the Data Protection Board, an adjudicatory body to address disputes between data principals (users) and fiduciaries (data handlers).

For B2B companies operating in India, this marks a crucial time to review and update data handling practices. As the country moves towards a more robust data protection regime, businesses that proactively align with the upcoming regulations will be better positioned to build trust with clients and partners in the evolving digital landscape. The implementation of the DPDP Act represents a significant step forward in India's data protection journey, bringing it closer to global standards and creating a more secure digital environment for both businesses and consumers.