How will the Data Protection Bill help India achieve its vision of a ‘digital’ future?

EY’s perspective on the recommendations presented by the Joint Committee of Parliament on the bill

Emerging digital landscape has perennially altered how personal data is collected, stored, and harnessed for multiple known and unknown purposes. In the absence of structured and comprehensive data privacy laws, the protection of personal data is more voluntary than mandatory. With the emergence of the Data Protection Bill and its intense iterations, India has taken a cautious approach in paving its way on the global map as a ‘nation focused on building a strong data privacy regime’ and help boost global trust, making our country an attractive investment hub.

EY has been involved in more than 250+ Data privacy engagements across sectors

The bill aims to promote fair and transparent processing of personal data through informed consent, making ethical usage of data an integral part of data management. Further, with the bill coming in, there is an imperative need to educate the new generation of Bharat’s digital users across various sections of the society on their privacy rights and redressal mechanism that the organizations are obligated to enforce. This increasing awareness will play a critical factor in endorsing trust and transparency within the masses.

EY has more than 200+ privacy professionals including lawyers working dedicatedly on data privacy

The need for data localization, on one hand, will increase compliance costs-forcing global organizations to setup replicas of personal data in India. On the other hand, it will also bring technology advancement and guarantee opportunities for future investment and employment, making India a true data sovereign nation.

In the backdrop of the Bill, we expect to see the construction of multiple regulatory policies, such as framework for non-personal data, data-localization, certification for digital and IoT devices, which clearly highlight the need to build a flexible data privacy framework to cater to futuristic requirements in their overarching data privacy programs. This requires strategic planning driven by the leadership and reinforcing the need to build a strong privacy task force with legal resources close knitted with the involvement from all functions and businesses of an organization.

Our broad transformation approach considers the key facets of the bill across organization’s data lifecycle: -

1. Data Governance is the practice of efficiently and effectively managing data (both personal and non–personal data) to maximize business value as well as secure the data
2. Data Management consists of an organization’s practices of managing personal and non– personal data in alignment with the objectives set for Data Governance
3. Data Privacy and Data Protection consists of an organization’s practices of managing and securing data in alignment with applicable data privacy laws and regulations

The draft bill addresses various burgeoning issues of the personal data ecosystem in India. However, the question — whether the bill shall remain riddled with questions or shall pave way to a new trusted regime. The answer to this shall be discovered as we stride through the passage of time.