New Delhi Nov 26 (PTI) India’s new data protection norms will prompt companies to prioritise data mapping to assess and discover what datasets they already hold, Vikram Jeet Singh, Partner at BTG Advaya, said on Wednesday.
A consent-based framework means that the shift to the regime will be as much about legal nuances as about re-engineering of systems and processes, he added.
Amid indications that the government may look to compress the timelines for its implementation, Singh said the more time companies get, the better it would be.
“India does not have a culture of privacy as yet. It has not really had a law around data privacy…data privacy is often an afterthought for most, not really something that has consequences in the real world,” he said,
adding that all that changes will now be in compliance with the notification of Digital Personal Data Protection rules.
For several companies, it will lead to discovering what datasets they hold, who has access to them, and what the nature of that personal information is.
“Is it, for example, data that is a bit sensitive, like children’s data? I think that’s the first step. I think that discovery and data mapping are the priority for most of our clients,” he said.
The challenge then is as much about architecture and engineering as it is about compliance, requiring firms to embed consent within their systems design, he noted.
“The data law that we have in India now is mostly a consent based law, and it is as much an engineering problem as a legal problem as to how to integrate consent into the legal framework…how do you take informed, affirmative consent from a user without really impacting their experience, making sure there is no consent fatigue etc…this is the technical engineering part of how to integrate consent into your product,” Singh said.
Singh was speaking at a webinar on the newly-notified Digital Personal Data Protection (DPDP) Rules 2025, convened by think tank The Dialogue. PTI MBI MBI BAL BAL
