Data Protection Newsletter (September, Issue I)

September 19, 2024

Nachiketa Singh

Founders Office

Summary

  • DPDP Rules to be Released for Public Consultation this Month
  • ‘Sachet’ Covers now Protect Against Cyberfrauds using AI
  • ISRO Chief lays the foundation stone for Cyber Nalanda
  • Data Protection Board: What Businesses Need to Know
  • DPDP Compliance for Aggregators
  • Implement Consent Management Solutions
  • Institute robust access controls and employee authentication mechanisms to limit access to personal data

Headlines of the Week

DPDP Rules to be Released for Public Consultation this Month

The detailed rules for Digital Personal Data Protection Act 2023 will be released for public consultation before the end of this month. The consultation period will be more than a month. The DPDP Bill was passed nearly a year ago but the law has not been implemented yet as many provisions require additional rules.

Source: Moneycontrol

‘Sachet’ Covers now Protect Against Cyberfrauds using AI

Insurance companies are building insurance products that offer protection against growing instances of cyber frauds. These risk covers are designed to protect against the threat of impersonation, cyber extortion, bullying and identity theft. A recent study by Deloitte said that India’s cyber insurance market worth $50–60 million in 2023 is expected to grow at an annual rate of 27–30% in the next five years.

Source: Economic Times

ISRO Chief lays the foundation stone for Cyber Nalanda

ISRO Chairman S Somanath laid the foundation stone for 'Cyber Nalanda', a state-of-the-art cyber security research and development centre, a global forensics-driven cybersecurity solutions company, that is coming up in Bengaluru. He noted that in this era of cyber attacks it is very important to build cyber security tools and solutions. Cyber Nalanda aims to become a global hub for cybersecurity innovation, focusing on collaboration with academia.

Source: Economic Times

Insights of the Week

Data Protection Board: What Businesses Need to Know

Read our blog to understand about the Data Protection Boards (DPB). DPDP Act establishes the Data Protection Board as the key regulatory authority responsible for ensuring data protection regulations. The DPB has the power to investigate, adjudicate, and impose penalties of up to ₹250 Crore for violations of the DPDP Act. The DPB can address complaints from individuals (Data Principals) regarding data breaches and mishandling by Data Fiduciaries and issue mandatory corrective actions. The DPB will operate as a digital office, enabling faster complaint resolution and requiring businesses to maintain thorough digital records. Indian Businesses are advised to proactively review data practices, manage consents, and prepare for DPB investigations to remain compliant.

Read the Full Article

DPDP Compliance for Aggregators

Read our blog to understand the compliance obligations under the DPDP Act for Aggregators. In an Aggregator model one business onboards another business to offer products or services to end consumers. The aggregator is usually a B2B2C company. The DPDP Act distinguishes between Data Fiduciaries (entities determining the means and purpose of data processing) and Data Processors (entities processing data on behalf of a fiduciary). An aggregator business can act as either a Data Fiduciary or Processor, depending on its control over data processing activities. Compliance obligations primarily rest on Data Fiduciaries. Aggregators must ensure clear agreements with partners, manage data breaches, and maintain transparency with end users. Read our blog to get an understanding on best practices for Aggregators.

Read the Full Article

Compliance Tip of the Week

Implement Consent Management Solutions

Companies should review data maps to identify which processing activities rely on consent. The need of the hour is to implement a DPDP compliant consent process across all touchpoints where personal data is collected. Indian businesses can simply plug in Leegality Consent Manager to better manage end-user consents.

Institute robust access controls and employee authentication mechanisms to limit access to personal data

Implement comprehensive training programs for employees and contractors on data protection and privacy. Integrate policy acknowledgment into employee onboarding and periodic training programs. Ensure these policies are easily accessible to all stakeholders, including employees, customers, and partners. Identify key employees for every set of information, with whom the personal data must be shared necessarily. Share personal data of users with persons identified as essential stakeholders for the activity only.

Explore Leegality Consent Manager

Discover how our Leegality Consent Manager can streamline your data protection processes and ensure compliance with the DPDP Act. Our Consent Manager offers:

  • Compliant consent notices across all customer touchpoints
  • Storage of verifiable and auditable records of each consent
  • Dashboard for customers to change consent preferences and exercise data rights
  • Oversight over the data practices of your third parties

Explore Leegality Consent Manager for your Business

Sign up for a demo and early trial access

Customized Demo for every use case
Deep dive into your unique needs and compliance challenges
Free access to testing account
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.