Unleashing Power of Data

Unleashing Power of Data | 53 [ DECODING “THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023 ] IMPACT OF “THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023” ON BFSI & MSMES IN INDIA ƒ The impact of the DPDP Act on BFSI sector is significant with multiple regulations on BFSI and FinTech’s - cyber security framework has several provisions on internet reporting. In addition, there are several stringent compliances from RBI ƒ The control of personal data protection such as data protection encryption, key management, data redemption, data localisation, etc must fit into the larger framework, which is one of the biggest concerns for FinTechs and banks who are collecting a lot of personal data. ƒ Data protection is going to be one of the biggest challenges, including making changes in the existing BFSI products, as the existing BFSI products may not have the ability to take consent from the customers with regards to usage of personal data ƒ There are several compliance automation tools that will help to automate complete data lifecycle management, which will help MSMEs including startups. ƒ MSMEs often imply quicker decision-making process. They must align and operate with Bill’s demand ƒ With a responsive government, industry feedback and consultations, there may be potentially some additional time given to SMEs for compliance practices. IMPACT OF “THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023” ON CROSS BORDER DATA FLOW BY MNCS ƒ Enhanced compliance: Indian subsidiaries needs to ensure compliance with DPDP, importantly following centralised data governance norms and implementing process for consent management, data auditing, and breach reporting. ƒ Increased costs: Compliance costs including the expense related to bringing about the necessary changes in infrastructure and processes to secure data collection, storage, and transfer. ƒ Data Localization: Require firms to store a copy of personal data on servers within India. This could force MNCs to invest more in local data centers or cloud storage solutions ƒ New Business Processes: The need for explicit consent before data collection could lead to changes in business processes for MNCs ƒ One of the biggest concerns is to find out which countries and processes is the data flowing to. Hence, there is an urgent requirement of a clear process map. ƒ Privacy impact assessment is important aspect for the MNCs operating in India, such as understanding if the data contains sensitive information or identifiable to an individual or something that is on the periphery. Dun & Bradstreet