India Adopting Data Privacy Laws

Posted by

India is the latest country on the list to adopt federal data privacy laws for their citizens. According to The Times of India, the two-decade-old Information Technology Act, 2000 (IT Act), the existing governing law, hasn’t been able to keep up with the rapid advancements in technology. With India recently witnessing a massive increase in cyberattacks, cybercriminals have been steadily discovering new ways to obtain sensitive personal information. To make matters worse, the pandemic has catapulted the digital ecosystem forward by years, and remote work has expanded the attack surface available to hackers. Regulatory authorities have been scrambling to catch up, and organizations are left wondering how they can mitigate this ever-evolving privacy landscape.

The proposed Personal Data Protection Bill (PDPB) seeks to bring about a comprehensive overhaul of India’s current data protection policies. India’s new law will have flavors of GDPR and will include:

  • Requirements for notice and prior consent for the use of individual data.
  •  Limitations on the purposes for which data can be collected or processed, and it has restrictions to ensure that only the data essential for providing a service is collected.
  •  Data localization requirements, and it necessitates the appointment of data protection officers within organizations.
  •  Establishing a separate regulator called the Data Protection Authority of India (DPA) to protect and regulate the use of citizens’ personal data.

In the current age of information explosion, achieving compliance with data privacy standards can be daunting. However, it doesn’t have to be that way if organisations are proactive and plan ahead. Here at Rownd, we believe that you should give your customers the power to control their own data. Regulations, consumers, and industry standards are rapidly changing and privacy is becoming top of mind.

Learn more about Rownd at!