Not withstanding the wishes of many to delay the passage of PDPB 2019, it appears that the JPC is determined to complete its work this week and present their recommendations to the Cabinet. This is indicated by the fact that the JPC has scheduled 5 meetings in the
next 3 days to discuss clause by clause consideration of the Bill. It had already been indicated that about 50 of the sections had already been discussed and finalized and hence the remaining 49 sections are due for discussion in these 5 sessions at 10 sections per session.
Hopefully the JPC will be able to complete its task as scheduled.
It is therefore time for all the doubting Thomases that they gear up to be compliant in time. The biggest challenges that the industry will face in this direction is
a) Resistance to Change
b) Unlearning the GDPR Concpets
c) Adopting to the multi compliance management scenario
Resistance to change is a universal problem and when disrupting new legislation is implemented, there will certainly be difficulties. However, I feel this will be a greater problem for the Government, Manufacturing entities and the Small entities while the IT companies who are already adopted to GDPR may accept and adopt to the new legislation without much of resistance.
However, while those entities for whom Privacy Protection through Data Protection is new will be able to learn the tricks of the trade from PDPA implementation, the IT Companies who are already aware of GDPR and other data protection laws will have another kind of difficulty namely “Unlearning the GDPR Concepts”.
Many of the concepts in PDPA could be different from GDPR and those who are expecting it to be a clone of GDPR will find erring on the wrong side when they think “Being compliant with GDPR is also being compliant with PDPA-India”
The concept of Privacy By Design Policy, Registration with DPA, Mandatory Consent, the Sandbox system, the Section 37 exemption, the Adjudication system etc may pose challenges of their own to those professionals and companies who cannot think beyond GDPR.
Lastly, the Indian Companies will try to act like a personal data hub and be required to be compliant with multiple laws simultaneously. In such a scenario, if they stick to ISO 27701 as a solution for compliance, they could find themselves wanting. They need to quickly get on board the PDPSI system (Personal Data Protection Standard of India) which is being drafted by FDPPI. (Foundation of Data Protection Professionals in India).
These and other details are being discussed today at the PrivSec webinar at 3.15 pm (1st December 2020)
Attendance is by registration here.