Passed by Parliament in August 2023, the DPDP Act aims to provide safeguards against the processing of personal data. The draft rules, awaited since the Act’s passage, are now open for public feedback through the MyGov portal until February 18, 2025.
The industry has been seeking clarity on the data protection law to better prepare systems for the necessary compliance and responsibilities. The rules are expected to provide detailed guidance on important areas like the structure and functions of the Data Protection Board (DPB), and how users can file complaints or appeal decisions made by the DPB. There will also be clear procedures for users to request access to their data and ask for it to be deleted by companies, known as Data Fiduciaries.
Additionally, the new law will set timelines for Data Fiduciaries to erase personal data when consent is withdrawn and for resolving user complaints. There will be guidelines for obtaining parental consent for minors’ data and requirements for notifying users in case of a data breach. The law will also establish the conditions for Consent Managers, who handle user consent, including technical, operational, and financial requirements.
First Published: Jan 3, 2025 8:40 PM IST
