![]() It could also help fintechs engaged in cross-border trade. This section could help crypto startups given their borderless nature. “With regards to data localisation and cross-border data transfer, the Act has removed most of the roadblocks and in that sense could be seen as facilitating cross-border data flows and crypto transactions,” Warris said. The Act has simplified most of the obstacles in this space, thereby seeking to strike a balance between strict data localisation and free flow of data. While lawyers help, young founders dealing in personal data will have to always be mindful of the provisions of this law.Ĭross-border flows: One section which will give a massive breathing space to startups is cross-border flow of data. Industry insiders pointed out that such harsh penalties could have a deep impact on early-stage startups who might falter on following the due procedure of the law. Any breach in observing the obligation for the data fiduciary could result in a fine of Rs 250 crore.īreaching to inform the data board or the data principal the instance of a data theft can attract a penalty up to Rs 200 crore. Hefty penalty: Probably one of the harshest sections of the Act is the fine associated with non-compliance. Now, with the Act, perhaps this will change and consumers will be more aware. But never once was I informed that my data was leaked. Looking at the personal details like address and phone number it was evident that a grocery delivery service I used back in 2016-17 must have been the source of the leak. The company had informed its merchants, but the regulator was not informed then.Ī senior cyber security researcher once had shown yours truly that my own personal data was available for sale on the dark web. ![]() However, news around the breach came out only much later - in 2021. For instance, payment processor Juspay had faced a cyber attack in August 2020. This is important given past experience has taught us that companies prefer to keep data breaches under wraps. More power to the customer: Perhaps one of the most critical parts of the Act is that a customer who has been impacted by a data breach needs to be informed. Financial services players might be left to be managed by the regulator. They are the biggest repository of customer data in current times. “(A significant data fiduciary) will have to appoint a data protection officer…and an independent data auditor to evaluate the compliance with the provisions of the Act,” Warris said.Īnother section believes that big tech companies, social media giants might only be marked as ‘significant’. Salman Warris, partner at Techlegis Advocate and Solicitors said that fintech and crypto startups could get included into the category of Significant Data Fiduciary. But some experts suggested that there could be an additional compliance burden on them now. Impact on crypto and fintech: Startups that are already regulated like lending fintechs or payment aggregators have to abide by strict norms around processing and storage of data as directed by the Reserve Bank of India. Maybe ecommerce apps and others might not become significant fiduciaries. Industry insiders can assume that financial services players could get included within this category. Potential impact on the sovereignty of the country. ![]() Risks to the right of the data principal.Volume and sensitivity of the personal data processed.Among them, some will be defined by the central government as a ‘Significant Data Fiduciary’ depending, among others, on the following factors: Significant data fiduciary: The law identifies a data fiduciary as one who defines the purpose and means of processing data. While the Act in itself is still being studied by lawyers and policy experts, some of its salient features could have a crucial bearing on the emerging Indian tech and startup industry. While the law will impact every entity in this country that deals in the personal data of Indian citizens, tech companies and consumer-facing startups are perhaps going to be impacted the most. Perhaps what could turn out to be one of the most crucial acts for Digital India was undertaken by the Indian Parliament through the passage of the Digital Personal Data Protection Bill, 2023 earlier this week. Hi, This is Pratik Bhakta here in Bengaluru. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |