nasscom has requested the Ministry of Electronics and Information Technology (MeitY) that organisations with no experience in personal data protection will potentially require the most time to comply with Digital Personal Data Protection (DPDP) Act. nasscom’s observation was part of a representation made to MeitY on enabling effective implementation of DPDP Act. It sought clarification and guidance on the full scope of the act. These included government organisations, logistics enterprises, professionals, offline retailers, research institutions, educational institutions, and so forth. nasscom added that these entities will be constructing compliance programs from the ground up.

Meanwhile, nasscom reported that there are many big and small organisations in India which will not have the exposure to horizontally applicable foreign data protection laws, but will have limited compliance programmes in place. It added that only after the rules are finalised and the additional notifications are made clear, that organisations can estimate the time and resources required to establish and operate their DPDP Act compliance programmes.

Additionally, as per nasscom, there is also a need for guidance, over and above rules, to help organisations interpret terms and concepts in the DPDP Act, that have no rule making power attached to them, with confidence.