The Data Protection Act 2023 has been enacted to strengthen data privacy and protection in India. This comprehensive legislation brings significant changes that businesses need to be aware of.
## Key Provisions
The Act introduces several important provisions:
1. **Consent Requirements**: Businesses must obtain explicit consent before collecting personal data
2. **Data Localization**: Critical personal data must be stored within India
3. **Right to Erasure**: Individuals can request deletion of their personal data
4. **Data Breach Notification**: Mandatory reporting of data breaches within 72 hours
5. **Penalties**: Fines up to ₹250 crores or 4% of annual turnover for non-compliance
## Impact on Businesses
All businesses handling personal data must:
- Update their privacy policies
- Implement data protection measures
- Appoint a Data Protection Officer (if required)
- Conduct regular data audits
- Train staff on data protection requirements
## Compliance Timeline
- Immediate: Review current data practices
- 3 months: Update privacy policies and consent mechanisms
- 6 months: Implement technical and organizational measures
- 12 months: Complete compliance audit
## Next Steps
Businesses should consult with legal experts to ensure full compliance with the new Act.