.svg)
.jpg)
Headlines of the Week
New Rules on Data Protection Likely to be Notified Soon
During a meeting earlier this month with various industry stakeholders, the Ministry of Electronics and Information Technology (MeitY) made efforts to iron out concerns about potential business disruptions once the rules are issued. This is expected to happen before Maharashtra Assembly elections scheduled to be held on 20th November. It is notified that only the home ministry’s approval is pending now. At a meeting held earlier this month with several industry stakeholders, the Ministry of Electronics and Information Technology (MeitY) sought to allay fears of business disruption with the introduction of the proposed rules. There is also an assurance that there will be enough time for implementation of these rules.
Source: Economic Times
‍
Govt Ignored Niti Red Flag that Data Protection Law could weaken RTI
Niti Aayog, the top think tank of the government, had opposed some of the provisions of the law, and particularly red flagged the changes proposed to the Right to Information (RTI) Act that could “weaken” the legislation. The new data protection law proposed an amendment to a section in the RTI Act with such effect that disclosure of personal information about public officials would not be allowed even when these are justified in larger public interest. Niti Aayog expressed its concerns regarding disclosure of personal information of public officials not made possible in larger public interest.
Source: Indian Express
‍
Insights of the Week
What is a Consent Manager?
Read our blog to understand about the function of consent manager in the enforcement of the DPDP Act. The DPDP Act enforces a robust framework for data protection, with a strong focus on user consent as the primary ground for processing personal data. A Consent Manager helps businesses gather consent across channels, securely store records, and manage consent changes, ensuring compliance with the DPDP Act. Â Compliance with the DPDP Act requires businesses to maintain transparent records of all consent interactions, including timestamps and purpose, for audits and regulatory reviews. Beyond managing consent, a Consent Manager supports data principal rights such as access, correction, erasure, grievance redressal, and nomination of representatives. Managing third-party vendors becomes crucial, as businesses must ensure data shared with partners is deleted or corrected across all platforms when requested by users. The DPDP Act also emphasizes compliant data retention, limiting how long personal data can be stored, which requires a systematic approach to deletion across internal and external systems.
Rights of Data Principals under the DPDP Act
Read our blog to learn more about the rights of data principals under the DPDP Act. The Right to Information Access allows data principals to know what personal data is being processed, how it is being used, and which third parties it is shared with. The Right to Correction and Erasure gives data principals the ability to request corrections to inaccurate or outdated data, as well as request the deletion of data that is no longer necessary. The Right to Grievance Redressal ensures that data principals can raise complaints about how their personal data is being handled and expect timely resolutions from data fiduciaries. The Right to Nominate allows data principals to designate a trusted individual to manage their personal data in case of death or incapacity. Data principals also have a duty to provide accurate, complete information and avoid impersonation or providing false data to ensure the integrity of the data processing.
Compliance Tip of the Week
Provide Explicit Consent Check-boxes
Businesses are advised to provide explicit consent check-boxes against the relevant purposes during data collection. This will help in better storage and retrieval of specific personal information.
Provide for Customer Portal
Indian businesses are required to provide a portal for customers to manage their consent. This portal shall also enable the customers to make exercise of rights requests with ease.
Explore Leegality Consent Manager
Discover how our Leegality Consent Manager can streamline your data protection processes and ensure compliance with the DPDP Act. Our Consent Manager offers:
- Compliant consent notices across all customer touchpoints
- Storage of verifiable and auditable records of each consent
- Dashboard for customers to change consent preferences and exercise data rights
- Oversight over the data practices of your third parties
‍