India's First Data Protection Bill and Its Expected Impact

Standard Post with Image
09 March 2020

India's First Data Protection Bill and Its Expected Impact

Data is the new oil. It fuels almost every industry in the world. To make smart and pivotal business decisions, data is a mighty resource. This resource can be free or comes with a cost. It can be stored online or offline. Soon after the advent of the internet revolution, the growth of online data has been exponential. Internet users in India has exceeded half a billion in 2019. Of the total user base, 87% of Indians are defined as active users. India’s data usage per smartphone is the highest in the world at 9.8GB per month.

Personal data protection bill, inspirisys data migration solution, inspirisys IT infrastructure solutionHere, we have to take a deeper look. It is not how much data is consumed, but how much data is created and shared every day. It is far more than the amount of data consumed. It includes sensitive personal details like name, age, gender, address, phone number, location coordinates, browser history, telephone records, messages, social media activities, etc. In some situations, people trade their sensitive data to avail freemiums like free internet applications. In other situations, they provide them to get more tailored and premium services like healthcare, banking, telecommunication, etc. But the majority of them don’t have any idea about the whereabouts of data storage.

Data Storage - In a nutshell

The data can be stored anywhere around the globe and can be accessed in the same way. For example, a company in India can store their client details in one of its data centres located in China. There are many reasons to choose a data centre out of the country. The cost of the data centre might be cheap. They might be a multinational company owning a data centre in their headquarters which is in China. But here comes the risk when sensitive Indian data stored outside the Indian soil. Though it is secured, a single vulnerability could lead to a state-sponsored cyber-attack. Keeping this in mind, the Indian Government crafted its first data protection bill which can impact individuals and Indian companies or multinational companies located in India.

There is a lot to discuss India’s first data protection bill. But this blog explains its overview and expected impact on Indian companies under healthcare, banking, telecommunication, manufacturing, and Govt. /PSU spectrum.

Personal Data Protection (PDP) Bill – An Overview

It all started in July 2017, when Government of India assembled a committee of experts to study the issues related to data protection in the country. Retired Supreme Court Justice BN Srikrishna had led the committee.  It submitted a draft of Personal Data Protection (PDP) Bill in July 2018 after a year work. Also, it requested feedback from the public, Ministers, stakeholders, and other industry experts. On December 11, 2019, a revised version of the Bill was submitted to the Lok Sabha, the lower house of parliament and has been sent to Join Parliamentary Committee for further deliberation. The bill was anticipated to be on board in 2019. But it is expected to become a law or an act in 2020. The ultimate goal of the Bill is to regulate the processing of Indian citizens’ personal data by government, companies incorporated in India and foreign companies that are dealing with data related to Indians.

So what does it mean to the companies?

The bill’s take on data localization can impact some industries in India. It is similar to RBI’s existing regulation 2018, mandating companies to store payments data only in India. With Personal Data Protection Bill, Indian Government wants to apply this rule to all the companies dealing with Indian Citizens’ sensitive data. Be it healthcare, telecom, banking or manufacturing sector, every company should abide by the act or law when it is amended.

Healthcare industry is in the process of digital transformation to effectively manage patients' health data. If they utilized a managed data centre outside the country, they are in risk to be penalized by the Government. Particularly, the telecom industry is handling sensitive customer data linked to biometrics. Likewise, all other industries will be subjected to the same norms. In addition to that, companies won’t be allowed to share their customers’ data with others without their consent.

Act before it's too late

Whenever there is a regulatory change from the government, companies haste to change their systems. After all, haste makes waste. IT infrastructure is the building block of internal IT operations. Rushing through things like infrastructure changes in a short time window, results in flaws and in turn increases the project duration and downtime. It’s better to act before it’s too late. If you have your customers’ data in a data centre, off the country, it is suggested to migrate them to the best one inside. We help our clients to migrate data with minimal downtime. Our enterprise data centre solutions backed by full lifecycle support to comply with the upcoming data regulation.

Click here to talk to an expert!