We are now 314 days away from the full implementation of DPDPA 2023. From 13th May 2027, Banks, like all other organizations, will face the prospect of inquiries from the DPB on customer grievances related to “Data Access”, “Data Deletion”, “Processing without Permission” etc.
FDPPI has been providing assistance to organizations to be compliant with DPDPA by developing specific compliance frameworks under the umbrella of “DGPSI” or Data Governance and Protection Standard of India. Recently, DGPSI-Hospitals, a framework for hospitals, was released and is now under public discussion.
One of the key issues in the Banking segment is that personal data is collected and used at hundreds of branches while the data may sit in a central server and the DPO may be stationed in the head office without adequate oversight over the branch activities.
Additionally, the use of data processors and AI has also increased and needs to be factored in. Many of the Banks also have exposure to the RTI Act and the POSH Act, which also cannot be neglected.
RBI has its own regulations on cross border data transfer, data retention and AI usage.
Many of the Banks have been notified under Section 70 of ITA 2000, introducing separate obligations of information security.
Most Banks have hundreds of processes covering multiple products and services.
Hence compliance in a Banking environment is complicated and requires special attention.
Hopefully, DGPSI-Banks will try to address as many concerns as possible in the Banking sector so that before 13th May 2027, Banks can make substantial progress in the implementation of DPDPA.
Watch out for more discussions on this website while the framework takes shape.
Naavi









