Most businesses continue to work to implement a consent management framework to ensure that the bill provides for free consent, specific, informed, unconditional and clear. The ability to allow consent management, including withdrawal and consent changes, may also require significant technical changes. “Consent management is a big obstacle. Divisions like e-commerce use granular consent tools, but traditional industries still adopt broad, non-compliant policies,” said Amit Jaju, senior managing director of Ankura Consulting Group (India).
While the new rules stem from protecting citizens’ digital rights, the responsibility for law enforcement lies with businesses. Organizations will have to overhaul their data processing practices.
Another key obligation in the draft rules will be mandatory reporting of personal data breaches to the Data Protection Commission within 72 hours, as well as notification directly to the affected individuals. Jaju said that violation response is low readiness: Only 4% of companies have proactive notification systems.
