The Government of India (GoI) has been pushing for stronger data protection laws. The new Digital Personal Data Protection Bill, 2022 was released focusing more on personal data. But the GoI sees this version of the Data Protection Bill as only one of the pieces that form part of its larger policy vision for the entire digital economy. With the digital push India has been receiving for the public and private sectors, there is and has been a strong demand for robust data protection and privacy policies to be set up. Approximately 137 out of 194 countries have put in place legislation to secure the protection of data and privacy currently and India is catching up to them. The policies set by USA, EU and China are currently well-established models.
Time for businesses to put their data protection plan in place and be ready for the government’s initiative
As the government is proceeding with getting a policy in place, businesses also need to kickstart their data protection plan and set in place policies to get ahead of their competition. Data protection is not just a legal necessity but crucial to protecting businesses and maintaining reputation. However many organizations including those that are established have concentrated on the data protection policy. This is also because many do not differentiate between data security, protection and privacy. But strong data protection will only enhance the other factors and with a few steps this can be easily implemented and achieved:
- Understanding your company, its risk appetite, the data type and the form collected
- Engage in the ‘Triple A” process where data is authenticated, access is authorized and constantly audited
- Understand the data lifecycle phase and ensure protection throughout
- Managing data access is one of the best ways to ensure data protection
- Understand the legislative regulations of the land and plan the policies based on it
- Organize and store the data with a 3-2-1 backup strategy
- Include Pseudonymisation as suggested in GDRP where in the case of a data breach or loss are much simpler and the risks are greatly reduced
- Document the data protection plan
A data protection plan enables an organization to take charge and protect vital data in its possession. Some companies will have a separate data protection policy in addition to their data protection plan. If this is the case, the data protection plan will set out how the organization plans to protect its data while the data protection policy will essentially be the internal “rulebook” for how employees should behave when handling personal data. With the right approach, organizations can be compliant-ready and ahead of others.