The Data Protection Act 2023 introduces new requirements for businesses handling personal data. Learn about key changes, compliance requirements, and implementation timelines.
- Data Protection Act 2023 mandates explicit consent for data collection.
- Critical personal data must be stored within India.
- Businesses face hefty fines for non-compliance.
- Mandatory data breach reporting within 72 hours.
- Appointing a Data Protection Officer may be required.
The Data Protection Act 2023 has been enacted to strengthen data privacy and protection in India. This comprehensive legislation brings significant changes that businesses need to be aware of.
Key Provisions
The Act introduces several important provisions:
- Consent Requirements: Businesses must obtain explicit consent before collecting personal data
- Data Localization: Critical personal data must be stored within India
- Right to Erasure: Individuals can request deletion of their personal data
- Data Breach Notification: Mandatory reporting of data breaches within 72 hours
- Penalties: Fines up to ₹250 crores or 4% of annual turnover for non-compliance
Impact on Businesses
All businesses handling personal data must:
- Update their privacy policies
- Implement data protection measures
- Appoint a Data Protection Officer (if required)
- Conduct regular data audits
- Train staff on data protection requirements
Compliance Timeline
- Immediate: Review current data practices
- 3 months: Update privacy policies and consent mechanisms
- 6 months: Implement technical and organizational measures
- 12 months: Complete compliance audit
Next Steps
Businesses should consult with legal experts to ensure full compliance with the new Act.
Discussion (0)
Join the conversation — log in to comment or reply.
Log in to comment New here? Create an account