New Delhi: Leading industry leaders and stakeholders hailed the passing of Digital Personal Data Protection Bill (DPDP) 2023 by the Parliament as it secured the Rajya Sabha’s nod this week, terming it a “watershed moment”.
Nasscom said this marks a significant leap forward for India to establish a robust framework for personal data protection and build India as a trusted data destination.
Ensuring comprehensive data protection is paramount for accelerating India’s digital economy and the bill strikes a harmonious balance between flexibility and data privacy measures, it said.
“The technology industry and Nasscom have been working collaboratively with the government from the start to share insights and industry experiences from global regulations, the India differentiators and provided detailed submissions through the evolution of this Bill,” Nasscom President Debjani Ghosh said.
According to some of the key recommendations which are reflected in the Bill, the concept of purpose limitation and data minimisation should be provided in the law.
“The law should enhance trust in processing data in India. Processing of foreign data in India should avoid overlaps with the laws of the countries whose data is being processed,” said the IT industry’s apex body.
Accordingly, the bill provides that companies processing foreign data in India will need to adhere to security safeguards to prevent personal data breaches under the law.
Sivarama Krishnan, Partner & Leader, Risk Consulting, PwC India, said the DPDP Bill 2023 is a much-needed leap in the right direction as it establishes the rights and duties of ‘Data Principals’, the owners of data, and the obligations and liabilities of ‘Data Fiduciaries’, who collect, store, and process the data.
Murali Rao, Cybersecurity Consulting Leader, EY India said that the DPDP Bill is India’s first data protection act, and it establishes a framework for the processing of personal data in India.