\"\"
<\/span><\/figcaption><\/figure>India’s Data Protection bill<\/a> looks to provide the legal framework for the right to privacy<\/a> to Indian citizens. But with suggested fines of Rs 15 crore or as much as 4% of your annual revenues, lack of compliance could be a costly affair.

But what are some of the key points that one needs to be cognizant of while preparing for the law?

“If you look at whatever is there in the draft bill, everything is new, for an organization in India, if you look at most of the provisions which are there in the bill, we haven’t practiced it in the past and this is what we have to take care of,” Anirban Sengupta, Partner - Cyber Security &
Data Privacy<\/a>, PwC<\/a> said.

He further explained his point by comparing the bill with GDPR (General Data Protection Regulation), adding that there were ‘stringent regulations’ in Europe and even then, organizations faced a lot of challenges in adopting it, which are still prevalent. He also added that there are new concepts whenever talking about the bill such as the Data Principal Rights, that haven’t been followed in the past which is something the organizations need to focus on.

“The next part which organizations should focus on is about consent. If the entire thing on consent management is taken care of, a lot of aspects of the bill will be addressed. Now, of course, it is easier said than done because, typically, if you look at consent, we have to take explicit consent, the consent has to be clear & concise, so we really have to look at how do we set out a system which is easy, easy for end-users to understand and to give consent, and then what are the business rules that I should set up,” Sengupta added.

According to Sengupta, data governance as a practice has to be evolved, which should be the focus for organizations, and the last aspect that they should focus on is ‘beyond their boundaries’ i.e. the data that is going to third parties, or the data processors.

Talking about the issues faced by organizations, Ayan De, CTO,
Exide Life Insurance<\/a> talked about the challenges that this Bill will usher. He said that while the BFSI & Telecom sector may be in a better position to deal with this, due to their own regulations such as the data residency & how data is to be processed, there are other aspects that will need fine-tuning.

“Starting from processes to technologies, to compliance, the legal aspects, the legal framework will have to be taken a fresh look on, the smaller things, like the contracts that we draw with our third parties, they have to be double-clicked and seen now what exactly goes in it, why the vendor contracts alone, we also have to start looking at the hiring offer letters to people who are supposed to join the organization, so these are some of the things that we have to be very very careful about,” De said.

Another aspect that he glossed upon is how many organizations have adopted cloud infrastructure, so do the security guidelines apply equivalently to the cloud architecture as well as it is managed by a third party as well. With many clauses being added to the Bill, De stated that the initial draft, which focused on
personal data<\/a>, is quite different from the current state.

On how long it will take for organizations to be fully compliant with the Bill, Prashant Deshpande, VP IT,
Shriram Value Services<\/a> added that the major challenge that exists today is the pandemic.

“Because during the pandemic, a lot of these digital lending firms came in the picture and practically, you know, they started saying a Maggi moment, ‘Take a loan within 2 minutes’ kind of thing, and in that process what they have done is that effectively they have got the access of your mobile phone and they can read all your information,” Deshpande said.

“So, yes, we are a traditional financing organization but still, we are also on digital, we are also on the mobile application, so what has happened is that the other side of the technology team always talks about AI, ML, and all those things, where they want more and more data to be collected, and they want decision-making to happen, and in that process, what we have done, we have collected humongous data,” he added.

Deshpande further explained that now that the Data Protection Bill will come into the picture, organizations will have to spend most of their time discovering ‘For what they have collected this data?’, ‘For what purpose we have used it?’, ‘How to erase it?’, and what is the impact that it will have on the lifecycle of that particular loan.

“The major challenge, what we’re going to get, once we collect a lot of data for decision-making is going to be the erasure of that data. So, based on the guidelines, if the customer says, ‘The process is over, or the project is over, please erase my information’, that time, it’s going to be a major challenge,” Deshpande said.

<\/body>","next_sibling":[{"msid":88965761,"title":"5G trials: Jio integrates energy utilities through sensors","entity_type":"ARTICLE","link":"\/news\/jio-says-integrated-energy-utilities-through-sensors-with-trial-5g-network\/88965761","category_name":null,"category_name_seo":"telecomnews"}],"related_content":[],"msid":88965884,"entity_type":"ARTICLE","title":"Are you ready for the Data Protection Bill?","synopsis":"India\u2019s data protection bill could have a far-reaching impact on enterprise operations and how they look at data management.","titleseo":"telecomnews\/are-you-ready-for-the-data-protection-bill","status":"ACTIVE","authors":[],"Alttitle":{"minfo":""},"artag":"ETCIO","artdate":"2022-01-18 10:29:28","lastupd":"2022-01-18 10:29:53","breadcrumbTags":["data protection bill","personal data","privacy","cybersecurity","data privacy","pwc","exide life insurance","shriram value services","Policy"],"secinfo":{"seolocation":"telecomnews\/are-you-ready-for-the-data-protection-bill"}}" data-authors="[" "]" data-category-name="" data-category_id="" data-date="2022-01-18" data-index="article_1">

数据保护法案,你准备好了吗?

印度的数据保护法案可能会对企业经营产生深远的影响,以及他们如何看数据管理。

  • 更新2022年1月18日上午10:29坚持
印度的数据保护法案看起来为权利提供了法律框架隐私印度公民。但建议15卢比的罚款或高达4%的年收入,缺乏合规可能是一个昂贵的事情。

但哪些要点,需要认识到而准备的法律?

“如果你看看无论在草案,一切都是新的,对于一个组织在印度,如果你看的大部分条款在该法案,我们过去没有练习,这是我们必须照顾,“Anirban森古普塔,合作伙伴——网络安全&数据隐私,普华永道说。

广告
他进一步解释他的观点,通过比较该法案GDPR(通用数据保护法规),并补充说在欧洲有严格的规定的,即便如此,组织面临很多挑战,采用它,它仍然盛行。他还补充说,每当有新的概念谈论权利法案等数据主体,没有遵循过去这是组织需要关注。

“组织应该关注的下一个部分是关于同意。如果整个同意管理照顾,很多方面的法案将得到解决。当然,这说起来容易做起来难,因为通常情况下,如果你同意,我们需要明确的同意,同意必须清晰和简洁,所以我们真的要看我们如何制定了一个系统,它是很容易的,最终用户容易理解和同意,然后我应该建立的业务规则,”森古普塔说。

森古普塔表示,数据治理实践必须进化,应该重点组织,最后一个方面,他们应该关注的是“超出了他们的界限”即要第三方的数据,或数据处理器。

谈论组织所面临的问题,·德首席技术官,Exide人寿保险谈到这项法案将开启的挑战。他说,虽然BFSI &电信部门可以更好地解决这一问题,由于自己的法规等数据居住权&数据是如何处理的,还有其他方面需要微调。

广告
“从过程技术、合规、法律方面,法律框架必须新鲜看,越小的事情,就像我们与第三方的合同,他们必须双击运行,现在到底是在为什么供应商合同,我们也必须开始看招聘提供信件的人应该加入该组织,所以这些东西我们要非常非常小心,”德说。

他忽略的在另一个方面是有很多组织采用云基础设施,所以做安全准则同样适用于云架构,以及它是由第三方管理。有许多条款被添加到该法案,德表示,最初的草案,关注个人资料从当前状态,是完全不同的。

在多长时间组织完全符合该法案,潘德,副总裁,Shriram价值服务补充说,今天是大流行存在的重大挑战。

“因为流感大流行期间,大量的这些数字的贷款公司出现在图片,实际上,你知道,他们开始说一个美极的时刻,需要贷款在2分钟的东西,在这个过程中他们所做的是有效地访问了你的手机,他们可以阅读你所有的信息,“Deshpande说。

“那么,是的,我们是一个传统的融资组织不过,我们也在数字,我们还在移动应用程序中,所以发生了什么是对方的技术团队总是谈论AI, ML,和所有这些东西,他们想要越来越多的数据收集,和他们想要的决策,在这个过程中,我们所做的,我们收集了巨大无比的数据,”他补充道。

Deshpande进一步解释说,现在数据保护法案将进入图片,组织必须花大部分的时间发现他们收集了这些数据?”、“我们使用它有什么目的?”、“如何抹去吗?”,会造成什么影响,它对特定的生命周期贷款。

“主要的挑战,我们会得到什么,一旦我们收集很多数据的决策将会擦除数据。根据指南,如果客户说,“这个过程已经结束,或项目结束后,请删除我的信息”,那个时候,这将是一个重大的挑战," Deshpande称。

  • 发表在2022年1月18日上午10:29坚持
是第一个发表评论。
现在评论

加入2 m +行业专业人士的社区

订阅我们的通讯最新见解与分析。乐动扑克

下载ETTelec乐动娱乐招聘om应用

  • 得到实时更新
  • 保存您最喜爱的文章
扫描下载应用程序
\"\"
<\/span><\/figcaption><\/figure>India’s Data Protection bill<\/a> looks to provide the legal framework for the right to privacy<\/a> to Indian citizens. But with suggested fines of Rs 15 crore or as much as 4% of your annual revenues, lack of compliance could be a costly affair.

But what are some of the key points that one needs to be cognizant of while preparing for the law?

“If you look at whatever is there in the draft bill, everything is new, for an organization in India, if you look at most of the provisions which are there in the bill, we haven’t practiced it in the past and this is what we have to take care of,” Anirban Sengupta, Partner - Cyber Security &
Data Privacy<\/a>, PwC<\/a> said.

He further explained his point by comparing the bill with GDPR (General Data Protection Regulation), adding that there were ‘stringent regulations’ in Europe and even then, organizations faced a lot of challenges in adopting it, which are still prevalent. He also added that there are new concepts whenever talking about the bill such as the Data Principal Rights, that haven’t been followed in the past which is something the organizations need to focus on.

“The next part which organizations should focus on is about consent. If the entire thing on consent management is taken care of, a lot of aspects of the bill will be addressed. Now, of course, it is easier said than done because, typically, if you look at consent, we have to take explicit consent, the consent has to be clear & concise, so we really have to look at how do we set out a system which is easy, easy for end-users to understand and to give consent, and then what are the business rules that I should set up,” Sengupta added.

According to Sengupta, data governance as a practice has to be evolved, which should be the focus for organizations, and the last aspect that they should focus on is ‘beyond their boundaries’ i.e. the data that is going to third parties, or the data processors.

Talking about the issues faced by organizations, Ayan De, CTO,
Exide Life Insurance<\/a> talked about the challenges that this Bill will usher. He said that while the BFSI & Telecom sector may be in a better position to deal with this, due to their own regulations such as the data residency & how data is to be processed, there are other aspects that will need fine-tuning.

“Starting from processes to technologies, to compliance, the legal aspects, the legal framework will have to be taken a fresh look on, the smaller things, like the contracts that we draw with our third parties, they have to be double-clicked and seen now what exactly goes in it, why the vendor contracts alone, we also have to start looking at the hiring offer letters to people who are supposed to join the organization, so these are some of the things that we have to be very very careful about,” De said.

Another aspect that he glossed upon is how many organizations have adopted cloud infrastructure, so do the security guidelines apply equivalently to the cloud architecture as well as it is managed by a third party as well. With many clauses being added to the Bill, De stated that the initial draft, which focused on
personal data<\/a>, is quite different from the current state.

On how long it will take for organizations to be fully compliant with the Bill, Prashant Deshpande, VP IT,
Shriram Value Services<\/a> added that the major challenge that exists today is the pandemic.

“Because during the pandemic, a lot of these digital lending firms came in the picture and practically, you know, they started saying a Maggi moment, ‘Take a loan within 2 minutes’ kind of thing, and in that process what they have done is that effectively they have got the access of your mobile phone and they can read all your information,” Deshpande said.

“So, yes, we are a traditional financing organization but still, we are also on digital, we are also on the mobile application, so what has happened is that the other side of the technology team always talks about AI, ML, and all those things, where they want more and more data to be collected, and they want decision-making to happen, and in that process, what we have done, we have collected humongous data,” he added.

Deshpande further explained that now that the Data Protection Bill will come into the picture, organizations will have to spend most of their time discovering ‘For what they have collected this data?’, ‘For what purpose we have used it?’, ‘How to erase it?’, and what is the impact that it will have on the lifecycle of that particular loan.

“The major challenge, what we’re going to get, once we collect a lot of data for decision-making is going to be the erasure of that data. So, based on the guidelines, if the customer says, ‘The process is over, or the project is over, please erase my information’, that time, it’s going to be a major challenge,” Deshpande said.

<\/body>","next_sibling":[{"msid":88965761,"title":"5G trials: Jio integrates energy utilities through sensors","entity_type":"ARTICLE","link":"\/news\/jio-says-integrated-energy-utilities-through-sensors-with-trial-5g-network\/88965761","category_name":null,"category_name_seo":"telecomnews"}],"related_content":[],"msid":88965884,"entity_type":"ARTICLE","title":"Are you ready for the Data Protection Bill?","synopsis":"India\u2019s data protection bill could have a far-reaching impact on enterprise operations and how they look at data management.","titleseo":"telecomnews\/are-you-ready-for-the-data-protection-bill","status":"ACTIVE","authors":[],"Alttitle":{"minfo":""},"artag":"ETCIO","artdate":"2022-01-18 10:29:28","lastupd":"2022-01-18 10:29:53","breadcrumbTags":["data protection bill","personal data","privacy","cybersecurity","data privacy","pwc","exide life insurance","shriram value services","Policy"],"secinfo":{"seolocation":"telecomnews\/are-you-ready-for-the-data-protection-bill"}}" data-news_link="//www.iser-br.com/news/are-you-ready-for-the-data-protection-bill/88965884">