By:Vikas Bansal, Partner, IT Risk Advisory and Assurance, BDO India
“The DPDP Act, with its forthcoming rules, represents a fundamental and permanent shift in the business landscape. It requires a completely new approach to data, one where “Data Principals” are empowered with unprecedented rights, and “Data Fiduciaries” are subject to new responsibilities. The financial penalties for non-compliance are severe, with fines of up to INR250 crore. In a move that links data protection with the future of technology, the Minister also announced that a national AI governance framework will be released by the same date.
This is a real and present concern. With these rules expected shortly, organisations must adopt a structured compliance framework. Data mapping and creating ROPA style inventories become critical to track all the data processing activities. Drafting and updating privacy policies, retention schedules, data principal rights, and breach notifications is now mandatory.
It is no longer a matter of if you will be compliant, but when. The businesses that will not only survive but thrive are those that take this news seriously, act with urgency, and embed data protection as a core principle of their operations.“