The Digital Personal Data Protection Act 2023, also known as the DPDP Act or DPDPA 2023, was passed by the Government of India in the Monsoon Session last year. The law aims to ensure that digital personal data is processed in a manner that recognizes both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes and for matters connected therewith or incidental thereto. Against this backdrop, SM Consulting – in association with Tech Achieve Media – organised a webinar titled “Mastering data protection: Your guide to DPDPA compliance” on 1 June 2024.
The webinar witnessed tremendous participation from pre-eminent personalities from notable companies across the IT, healthcare, automobile, manufacturing, and real-estate sectors. The session was conducted by Sameer Mathur, the Managing Partner of SM Consulting, who has nearly three decades of experience in the industry. He is an expert on the DPDPA. Joining him was SP Arya, an industry veteran with over four decades of experience. Throughout his career, he has held the position of Chief Information Officer (CIO) in large and medium-sized organizations. SP Arya is also a Senior IT Advisor, leader, speaker, and mentor, and has earned the title of Doctor of Excellence in IT.
Sameer Mathur highlighted why it was important for companies to embark on their DPDPA journey, while touching upon the important points of the Act. “The responsibility for ensuring compliance with data privacy regulations rests with the company’s board of directors. While IT departments play a vital role in implementing data security measures, they are not solely responsible for data generation. Data generation occurs across various departments, including HR Departments, which manage employee data and new interviewees, Marketing Departments, which collect data from social media and other sources, and Sales Departments, which handle data from previous customers,” he said.
SP Arya added his thoughts on a CIO's perspective of the DPDPA. “Under data protection laws, organizations have certain obligations they must fulfill to protect personal data. These obligations include transparency, data minimization, accuracy, security, and accountability. Failure to comply with these obligations can result in significant penalties,” he said.
Why Digital Personal Data Protection Act Will Be Extremely Important for Organisations in the Near Future
Sameer Mathur, in his presentation in the webinar, spoke about why DPDPA will be pertinent for organisations in the immediate future. “Organizations must still comply with extensive obligations to protect personal data. Failure to comply with these obligations can result in significant penalties,” he stated. Some of these obligations include:
- Consent: Organizations must obtain valid consent from individuals for the collection, use, and sharing of their personal data.
- Access: Individuals have the right to access their personal data and request that incorrect or incomplete data is corrected or deleted.
- Data Breaches: Organizations must report data breaches to individuals and regulatory authorities without undue delay.
- Lawful Processing: Personal data must be processed lawfully, fairly, and transparently.
- Data Protection Measures: Organizations must implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, or disclosure.
The session also featured several insightful interactions with participants on the webinar, who had a range of questions to ask regarding the law. “Effective data protection requires organizations to be transparent about the data they collect, how it will be used, and with whom it will be shared. They must also limit data collection, use, and retention to what is necessary for the intended purpose, ensure data accuracy and up-to-date status, implement appropriate technical and organizational measures to protect data, and be accountable for complying with data protection laws, demonstrating compliance upon request,” said SP Arya.
Physical Workshop on DPDPA
Following the resounding success of the DPDPA virtual session, SM Consulting and Tech Achieve Media have announced their intent to hold a full-day, in-person paid workshop in New Delhi on 29 June. The in-person session will provide various insights into concepts of privacy and data protection, data principal rights and duties, consent management, data fiduciary, roles and responsibilities, and penalties for non-compliance, among other topics. Upon successfully completing the workshop, participants will also be awarded certificates. Those who wish to attend the physical workshop are advised to write to info@techachievemedia.com for further details.