The Data Protection Bill has a significant impact on the IT businesses including software development. Here are some insights from Sandeep Bhambure, Vice President and Managing Director, India & SAARC, Veeam Software.
1. Take on the Data Protection Bill and its anticipated impact on businesses in the tech industry
The Data Protection Bill introduces a gamut of regulations for organisations, namely around the management of the sensitive data they collect and hold. The proposed law may have a considerable impact on Indian companies operating in the technology industry. With data now trading as a valuable currency, compliance with the bill will be an obvious priority for organisations. They need to be prepared to respond to this policy change and have to be agile when updating their business policies. Having said that, they will have to make significant changes in the way data is collected, stored and managed from updating their IT design and infrastructure, to set up local servers and appointment of data protection officers.
2. How leveraging efficient data management capabilities makes it easier for organisations to comply with the regulations?
While the strengthened regulations come as good news for consumers, preparing to become compliant will be crucial for businesses. With the amount of data collected only growing, organisations will have to ensure that the data is intact and protected. There exists a gap in the industry as a whole of being able to truly understand what data is and the type of data that exists, and who should have access to it. So in the first place, it is important to know their data, and then know how to manage it, so that they are in compliance while recovering or moving their data. In a digital environment where trust and transparency are dynamic, implementing a modern cloud data management practice will be necessary for Indian organisations to control their data sprawl and assess their readiness for law implementation.
3. Steps businesses can take to turn the atmosphere of urgency into an atmosphere of achievement
As businesses continue to speculate about the Indian Data Protection Bill, there is growing debate around preparedness and the best approaches towards compliance. It is important for organisations to look at the Personal Data Protection Bill as ‘evolution’, and not ‘revolution’. As part of these efforts, here are seven guidelines to help organisations successfully prepare themselves for data protection law compliance:
· Know your data -Identify the personally identifiable information (PII) your organisation collects, has and who has access
· Manage the data - Establish the rules and processes to access and use PII.
· Protect the data - Implement and ensure security controls are in place to protect the information and respond to data breaches
· Document and comply - Document your processes, execute on data requests and report any issues or data breaches within the guidelines
· Stay informed of industry changes- Organisations should initiate their planning towards compliance and understand what data is acquired, maintained and processed, and the legal basis for it.
· Keep certifications and technology up-to-date - Organisations need to implement adequate technical and organisational controls and identify the practices they have in place and test them to see if they're strong, relevant and effective.
· Sustaining privacy in organisations - This is ultimately the responsibility of the employees, hence, it is imperative that employee awareness and sensitization programs are driven, from the critical components to successful privacy governance.
Organisations who are quick at creating effective compliance strategies will reap immense benefits. With a focus on getting ahead of the new regulations, Indian businesses can lead the charge in data compliance, proving on a global scale, that India truly is the globe’s digital hub.