Add thelocalreport.in As A Trusted Source
Asked about a possible reduction in compliance timelines for big technology under the data protection regime, Krishnan said the government is consulting industry stakeholders to assess its preparedness.
He said that since the issue is complex and affects multiple layers of the digital ecosystem, the government’s priority is to avoid any disruption.
Also read: Data protection rules: Industry raises concerns over data localisation, parental consent
“On the data protection board, we have started the process of nomination of members to identify them and put them on the posts and positions that the board will require… We are working on it right now because we have to approve it,” Krishnan told PTI in an interview.
The Government is ready with the necessary software for a completely online office for the Data Protection Board.
The IT Secretary said, “So the work is going on.”
Asked whether large companies had opposed reducing the compliance timelines during discussions with the IT ministry, Krishnan said they had not indicated their discomfort on any particular aspect.
“We have asked them to let us know when they will be ready and look at specific aspects… because please understand that this is complex,” he said.
The DPDP Act – which defines how entities must collect and process users’ data – envisages the establishment of a Data Protection Board of India, tasked with monitoring compliance, investigating violations and imposing fines and directing remedial or mitigating measures in case of data breaches.
The Board functions as an independent body and is set to play an important role in implementing the powers given under the Act and maintaining confidence in the system.
As per the recently notified DPDP rules, the Central Government will constitute a Search-cum-Selection Committee headed by the Cabinet Secretary with the Law Secretary, IT Secretary and two domain experts as members to recommend names for appointment as Chairperson of the Data Protection Board.
Another search-cum-selection panel will be set up to recommend names for appointment as board members, which will be headed by the IT Secretary and will include the Law Secretary and two domain experts.
“The Central Government, after considering the suitability of the persons recommended by the Search-cum-Selection Committee, shall appoint the Chairperson or other Member, as the case may be,” the DPDP rules say.
The data protection board will be operational “in the coming months,” Krishnan said, but declined to mention any specific timeline.
The Digital Personal Data Protection Act aims to provide a framework for the processing of digital personal data that recognizes both the rights of individuals to have their personal data protected and the need to process such personal data for legitimate purposes.
It seeks to protect digital personal data by outlining the obligations of data fiduciaries (individuals, companies and government entities processing data) for data processing (collection, storage or any other operation on personal data); Rights and duties of the data principal (the person to whom the data relates); and penalties for violation of rights, duties and obligations.
The Act places clear responsibilities on data fiduciaries to keep personal data secure and to be accountable for its use. It also gives data principals the right to know how their data is managed.
Also read: Government notifies DPDP rules, sets 18-month roadmap for data protection regime
The DPDP Act imposes stringent financial penalties for non-compliance; The highest penalty of up to Rs 250 crore is applicable on failure of the data fiduciary to maintain appropriate security safeguards.
Failure to inform the board or affected individuals about a personal data breach as well as a breach of obligations related to children could result in a fine of up to Rs 200 crore. Any other violation of the Act or rules by the data fiduciary can attract a penalty of up to Rs 50 crore.