According to Rajeev Chandrasekhar, Union Minister of State for Electronics and Information Technology and Skill Development and Entrepreneurship, the rules under the Digital Personal Data Protection (DPDP) Act 2023, will be released in the next 30 days. The Data Protection Board will also be formed in the same timeframe.

During his address at the first Digital India Dialogue discussions on the recently enacted DPDP Act 2023, Chandrasekhar informed that some businesses such as startups and micro, small and medium enterprises (MSMEs) and establishments such as hospitals that handle people’s data might get more time to adhere to these rules. This is because they may not have as much experience handling data as bigger data fiduciaries do. So, they can ask for more time to learn and follow the rules. However, big tech companies that must already be complying with global data protection or privacy laws such as the European Union’s General Data Protection Regulation, would be expected to comply at the earliest. Any violations of these rules will be managed by the Data Protection Board.

The minister reiterated the primary purpose of this law which is to guarantee the trust and safety of all digital citizens, emphasising that all data fiduciaries must adhere to the law. He further assured that the government is open to considering valid arguments for extending the compliance period when accompanied by compelling reasons.

The Digital India Dialogue discussions were held with key industry stakeholders on the transition time needed for specific clauses of the law and to seek specific inputs on the implementation. The session was attended by a diverse range of stakeholders of the technology ecosystem including industry associations, start-ups, IT professionals, think tanks and lawyers. More than 100 stakeholders attended the consultation.