The government on Wednesday said that companies/entities may be given around a year’s time, and even some more to smaller organisations or startups, to comply with norms of Digital Personal Data Protection (DPDP) Act, 2023.

Speaking on the sidelines of consultation session with the industry stakeholders, Rajeev Chandrasekhar, Minister of State for Electronics and IT told reporters that Data Protection Board and guidelines for the eight-nine ‘key rules’, including consent management, will be put in place within a month.

“Industry wants some more time for age-gating, different timelines for transition for different data fiduciaries. We expect transition for most of the rules except age-gating will happen in 12 months from now...over the next 30 days, there will be necessary rules prescribed for the Act. We will also work on forming the Data Protection Board (DPB) in the upcoming month,” Chandrasekhar said.

Also Read | The unfolding trajectory of India’s journey in data privacy regulation

He said that some businesses like startups and MSMEs and establishments like hospitals that handle people’s data might get more time to adhere to these rules.

“This is because they may not have as much experience in handling data as bigger data fiduciaries do. So, they can ask for more time to learn and follow the rules. If anyone breaks these rules, the DPB will handle it and make decisions. But, they will only start doing this when they are fully ready for adjudication,” he explained.

However, a senior official at Ministry of Electronics and IT (MeitY) said that rules may come in ‘altogether also’ at one go once consultations are over.

“The DPDP Act was already published by the Gazette of India on August 11 so the companies should already start acting on it...they should prepare themselves from then itself already,” said the senior official adding that some companies asking for five years’ timeline was ‘surprising’.

The Digital Personal Data Protection Act, 2023, which comes six years after the Supreme Court declared ‘Right to Privacy’ as a fundamental right, has provisions to curb the misuse of individuals’ data by online platforms.

The Act seeks to protect the privacy of Indian citizens while proposing a penalty of up to ₹250 crore on entities for misusing or failing to protect the digital data of individuals.

The consultation was attended by around 125 people representing various companies and industry bodies including Meta, Lenovo, Dell, Netflix, Paytm, Microsoft, Ficci, Broadband India Forum, MediaNama, among others.

Commenting on the consultation session, TV Ramachandran, President at Broadband India Forum told businessline, “The discussions were fruitful and very much welcome...some critics were also there, but such comments would also come as it is a vast topic.”