Search for:

India: India’s Digital Personal Data Protection Act – What should United States companies do now?

By , and 2 Mins Read

In brief

Following a five-year legislative process, India’s Digital Personal Data Protection Act (DPDP) received presidential assent on 11 August 2023. Practically speaking, the DPDP is not yet enforceable as the government still needs to establish the Data Protection Board of India (Board), which will serve as the enforcement authority for the law. The Board, in turn, must implement certain legally binding rules before the DPDP becomes fully operational. This process is expected to unfold over the next 8-12 months, although it could take longer and the national elections in 2024 may further delay the DPDP’s implementation.

For now, US companies doing business in India should continue to comply with current privacy laws in India, which consist largely of the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 (SPDI Rules). In parallel, companies should monitor implementation developments and, when more concrete details emerge, consider how they will leverage existing GPDR and CCPA compliance mechanisms to help gear up for when the DPDP formally replaces and supersedes the SPDI Rules. 

Click here to read the full alert.

* * * * *

Copyright 2023 Bloomberg Industry Group, Inc. (800-372-1033) Reproduced with permission. India’s Digital Personal Data Protection Act: What Should US Companies Do Now?

Categories:
Author

Lothar Determann has been helping companies in Silicon Valley and around the world take products, business models, intellectual property and contracts global for nearly 20 years. He advises on data privacy law compliance, information technology commercialization, interactive entertainment, media, copyrights, open source licensing, electronic commerce, technology transactions, sourcing and international distribution at Baker McKenzie in San Francisco & Palo Alto. He is a member of the Firm's International/Commercial Practice Group and the TMT and Healthcare industry groups.

Author

Helena Engfeldt helps companies around the world expand their businesses internationally especially by taking privacy law compliance global. She is a partner in Baker McKenzie's International/Commercial Practice Group in San Francisco. She is licensed to practice law in California, New York and Washington.

Author

Jonathan Tam is a licensed attorney in California and Ontario. He focuses on privacy, advertising, intellectual property, content moderation and consumer protection laws. He is passionate about helping clients achieve their commercial objectives while managing legal risks associated with activities involving data, information technology and media. Jonathan regularly writes about information technology and privacy, and is the Vice Chair of the Cybersecurity and Privacy Law Section of the Bar Association of San Francisco. He has completed secondments at a global payment services provider based in London, England and a world-leading tech company based in Silicon Valley. He joined Baker McKenzie as a summer associate in 2012 and has also worked in the Firm's Toronto office.

Related Posts