Digital Personal Data Protection Act

Mind Your Meds and Metrics: Navigating the Indian Health Data Protection Labyrinth

Introduction

India’s private healthcare entities are increasingly participating in government initiatives, in a sector historically dominated by private players. This synergy is evident in public-private partnerships like the Ayushman Bharat National Health Protection Mission and the Pradhan Mantri Jan Arogya Yojana. The aim of the programmes is to expand healthcare access and affordability, reflecting a significant policy shift towards inclusive health coverage.Continue Reading Mind Your Meds and Metrics: Navigating the Indian Health Data Protection Labyrinth

Need for Syncing Sectoral Regulations with Data Protection Law

Cutting across sectors and borders, the Digital Personal Data Protection Act, 2023 (DPDPA or Act), a lean, principles-based, horizontal legislation was enacted in August 2023 (yet to come into effect). Given the substantive procedural aspects under the Act being left for delegated legislation, the first set of rules is expected to be released for public consultation within 100 (hundred days) of the end of the ongoing General Elections,[1] if the incumbent government is re-elected.Continue Reading Need for Syncing Sectoral Regulations with Data Protection Law

Handle with CARE: Relying on “Purposes of Employment” for Processing Employee Data

India has been preparing for the Digital Personal Data Protection Act, 2023 (“DPA”), for almost a year now. During this time, companies have realised that relying on consent as a long-term basis for processing may be difficult, and instead, using ‘legitimate uses’[1], as the bases for processing may be a better alternative.Continue Reading Handle with CARE: Relying on “Purposes of Employment” for Processing Employee Data

FIG Paper (No. 32) - Outsourcing of Financial Services: Harmonising the Law and Looking Ahead

Background

The Reserve Bank of India (“RBI”) issued the draft Master Direction – Reserve Bank of India (Managing Risks and Code of Conduct in Outsourcing of Financial Services) Directions, 2023 (“Draft MD”), on October 26, 2023. With the COVID-19 pandemic and the digitisation of financial services globally, financial institutions started becoming increasingly dependent on their service partners and agents to reduce costs and avail expertise not available internally.Continue Reading FIG Paper (No. 32 – Series 1): Outsourcing of Financial Services: Harmonising the Law and Looking Ahead

FIG Paper No. [29], Data Law Series [3]: Implications of Digital Personal Data Protection Act, 2023 for Foreign Banks in India

Introduction:

The Digital Personal Data Protection Act, 2023 (“DPDP Act”) is India’s foray into the global regulatory movement on personal data rights. In designing the DPDP Act, there has been a strong focus on simplicity, brevity, and standardisation. We note a marked effort to align with data regulation across the world, most significantly, the European Union’s General Data Protection Regulation (GDPR”). While principally similar, the Indian regime has peculiarities for which financial services entities will have to prepare themselves. Continue Reading FIG Paper No. 30, Data Law Series 4: Implications of Digital Personal Data Protection Act, 2023 for Foreign Banks in India

India's New Data Protection Law: How Does it Differ from GDPR and What Does that Mean for International Businesses?

On August 11, 2023, India’s long-awaited general personal data protection legislation, the Digital Personal Data Protection Act, 2023 (“DPDPA”) was finally enacted.

Governing the world’s fifth largest economy and one of its fastest growing digital markets, the DPDPA will be of importance to a large number of international businesses that operate in India, rely on Indian service providers/group service companies for their operations, or are looking to enter Indian markets.Continue Reading India’s New Data Protection Law: How Does it Differ from GDPR and What Does that Mean for International Businesses?