India’s New Cybersecurity Frontier: Insights on the DPDP Act from a Legal Perspective

Karan Purohit

In a recent panel discussion on “Insurer’s Focus: Elevating Cyber Security & Risk Management as Insurance Imperatives” at the Elets BFSI Insurance Innovation Summit & Awards, Karan Purohit, VP & Head – Legal Claims at Magma HDI General Insurance Co., shed light on the implications of the newly implemented Data Protection and Digital Privacy (DPDP) Act, which became effective on August 11, 2023. This marks the first comprehensive data protection legislation in India, a significant shift from previous IT rules and guidelines.

Before the DPDP Act, India managed data protection under the umbrella of IT regulations, which offered limited guidelines. The DPDP Act introduces a structured approach to data management, classifying roles distinctly as “data principals” (data providers) and “data fiduciaries” (data handlers). This classification is pivotal as it determines the responsibilities and liabilities in data handling and protection, emphasizing the importance of clarity in these roles.

Key Features of the DPDP Act
The DPDP Act is characterized by its openness to interpretation, which is both its strength and a potential challenge. This flexibility allows for adaptation to various scenarios in data handling but also leaves room for legal debates about the responsibilities of the involved parties. A crucial aspect of the Act is its heavy penalties for non- compliance, with fines reaching up to 250 crore INR, underscoring the importance of stringent data management practices.

Industry Impact and Compliance
The insurance sector, in particular, faces significant implications under the new Act. Insurance companies are required to manage vast amounts of personal data, making them prime subjects of the DPDP’s regulations. The panel highlighted the proactive steps taken by industry players, including forming committees in collaboration with the Insurance Regulatory and Development Authority (IRDA) to discuss and shape the rules that will govern their operations.

Case Studies and Theoretical Applications
The discussion also touched on hypothetical scenarios that could test the DPDP Act’s boundaries. For instance, the flow of data from customers to intermediaries, and then to insurance companies, presents complex challenges in defining who exactly holds the fiduciary responsibility.

Safeguarding Personal Information
Under the DPDP Act, the protection of personal information has been strengthened. Unlike the Right to Information (RTI) Act of 2005, which allowed certain exceptions for sharing personal data if deemed in the public interest, the DPDP Act restricts this, ensuring that private data remains confidential unless specifically mandated by law.

This change marks a significant pivot in Indian data protection policy, aligning it more closely with global standards like the EU’s GDPR. It represents a tighter grip on data privacy, with a clear message that personal information is to be guarded rigorously.

Looking Forward: The Path to Compliance

The introduction of the DPDP Act is just the beginning. The ongoing development of specific regulations and guidelines will be critical in shaping how effectively this law protects consumer data while supporting the needs of the business sector. Insurance companies and other stakeholders are actively engaged in discussions to fine-tune these rules, ensuring that they are both practical and robust.

In conclusion, the DPDP Act not only revolutionises how personal data is handled in India but also places a significant responsibility on businesses, especially in the BFSI sector, to elevate their cybersecurity and risk management practices. As these discussions evolve, it will be imperative for companies to stay informed and compliant, navigating the complexities of data protection to safeguard their customers and themselves.

"Exciting news! Elets Banking & Finance Post is now on WhatsApp Channels Subscribe today by clicking the link and stay updated with the latest insights!" Click here!

Elets The Banking and Finance Post Magazine has carved out a niche for itself in the crowded market with exclusive & unique content. Get in-depth insights on trend-setting innovations & transformation in the BFSI sector. Best offers for Print + Digital issues! Subscribe here➔

Get a chance to meet the Who's who of the Banking & Finance industry. Join Us for Upcoming Events and explore business opportunities. Like us on Facebook, connect with us on LinkedIn and follow us on Twitter, Instagram & Pinterest.