Captive Coffee day

Importance of Data
Privacy
July 2023
 CONTENTS
01 What is Privacy?

02 Privacy in India

03 Impact and Roadmap

04 Our Solution Offering

05 Questions

Page 2 Data Privacy Training Session

What is Privacy?
What is Privacy?
EU DPD India DPDP Bill
PDPB
Minimal
collection, Strict Strict
data definition of penalties as
OECD expiration privacy per non-
ECHR citizen rights compliance
Privacy Limitation of
Fair and lawful
processing, right Direct identified
is a state of an Right to data to object, special applicability, Financial
individual to respect for collection rules for global scope, penalties upto
seclude private life and use sensitive data fines, obligatory 500 crores with
themselves, or privacy of home Data quality, and processing, breach respect to non-
limits to notification, joint compliance of
information and purpose
correspondence limitation, automated responsibility obligations for
about (controllers/proc data privacy
openness, processing,
themselves, independent essors)
accountability
and express DPAs, role of
themselves courts
195 198 199 201 202
selectively. 2
0 0 5 8

► ECHR: European Convention of Human Rights

► OECD: Organization for Economic Co-operation and Development
► EU DPD: European Union Data Protection Directive
► PDPB: Personal Data Protection Bill
► DPDP: Digital Personal Data Protection

Page 4 Data Privacy Training Session

Background
Privacy encompasses the rights and obligations of individuals and organizations with respect to
the collection, use, disclosure, and retention of personally identifiable information. Data Privacy is
the necessity to preserve and protect any personal and sensitive personal information collected by the
organizations in any form.
Data Lifecycle Personal Information is information
that is, or can be, about or related to
a natural individual.
Common Threats Could Result In…
► Lost or stolen media ► Identity theft
Retentio ► Over-sharing of personal (customers, employees,
Collectio Disclosu n and information business partners)
n Use Sharing re Disposal Brand and reputation
► Good intentions but ►

misused data damage

► Third party service ► Litigation
provider weaknesses ► Regulatory action
► Web site compromise ► Direct financial loss
Health data Hackers (inside and
Information

► ► Loss of market value

Information

Information
Categories

Name Financial data outside) ► Loss of consumer and

Unwanted marketing
Personal

Sensitive

► business partner
Home address
Personal

Personal

Official identifier
communications confidence
Email address Genetic data (telephone, email) ► Becoming the example
Date of birth
► Fraudulent transactions of what could go wrong
Biometric data
► Social engineering,
Phone number Religious or political belief or including phishing
affiliation

Page 5 Data Privacy Training Session

Why is Data Protection big news?
BharatPay AIIMS Suzuki Motorcycles
Exposure of personal data Unauthorised encryption Cyberattack forced plant
of 37K users of 1.3 TB of data across shutdown
BharatPay’s data breach exposed five servers Suzuki Motorcycles cyber attack led to
37K personal data of Indian users AIIMS’ data breach led to the complete shutdown of the plant in
revealing PII, financial records, unauthorised encryption of 1.3 TB India. It also led to the postponement
transaction logs, API keys of online data, leading to a two week work on of the annual supplier conference held
k d e
bill payment facilitators and l ea obtaining data from an unaffected r is e by Suzuki.
w ar
e o n m
information related to SMS vendors
b as to s data server.
uth tio p nso a ck
ta ue litie a
Da d a bi U n n c ry a c k Ra Att
r E att
u lne
August 2022 v December 2022 May 2023

n
l i tyi as
e
bi y ta b d
e ra m s September 2022
u ri t December 2022 May 2023
Da acke
ln te e c es H
Vu sys m
s liti
i
e
st erab RailYatri Zivame
Swachhata Platform y
S ul n 31 M users and 37K Personal data of 1.5
Breach affecting the v
platform leaked data of 16 records were leaked on the million Zivame customers
M users dark web on sale
Swachhata platform data breach RailYatri reported the data breach to Zivame’s data breach exposed more
revealed 16 M customer data the authorities highlighting the than 1.5 M customer data revealing
including personal data such as email compromise of 31M users and 37K phone numbers, names, addresses,
address, password hashes, phone records including personal information email addresses. The entity alleged to
number, OTP information, login IP, of certain registered users was be responsible for the attack is willing
browser fingerprint information accessed by unauthorised individuals to sell it for $500 in cryptocurrencies

Page 6 Data Privacy Training Session

Privacy regulations: a global perspective

Page 7 Data Privacy Training Session

Generally Accepted Privacy Principles (GAPP)
Management Notice Choice and Consent
The organization defines, The organization provides notice The organization describes the

10
documents, communicates, and about its privacy policies and choices available to the
assigns accountability for its procedures and identifies the individual and obtains implicit
privacy policies and procedures purposes for which personal or explicit consent with respect
information is collected, used, to the collection, use, and

1 retained, and disclosed

2 3
disclosure of personal information

Generally Collection Use, Retention and

Disposal
Access

Accepted The organization collects

personal information only for the The organization limits the use of
The organization provides
individuals with access to their

Privacy purposes identified in the

notice
PII to the purposes identified in
the notice and for which the
personal information for review
and update

Principles
4 5 6
individual has provided consent.
The organization retains PII for only
as long as necessary or if there is
some regulatory requirement
Disclosure to third Security for Privacy Quality Monitoring and
Parties The organization protects The organization maintains Enforcement
The organization discloses personal information against accurate, complete, and The organization monitors
personal information to third parties unauthorized access (both physical relevant personal information compliance with its privacy
only for the purposes identified and logical). for the purposes identified in the policies and procedures and has
notice

7 8 9 10
in the notice and with the implicit or procedures to address privacy
explicit consent of the individual related complaints and disputes

Page 8 Data Privacy Training Session

Privacy in India
 Emergence of Privacy Laws in India

Constitution of India Ministry of Information Ministry of Information and Ministry of Information

(1950) and Technology (2008) and Technology (2011)
The constitution of India formed in Technology (2000) Amendments to IT Act and was Through amendment to IT Act
1950 did not recognize the right Information Technology Act 2000 passed on 23 Dec 2008. Section 43A 2000, Section 43A was passed in
to privacy of any individual was passed to provide and 72A were introduced to address 2008 and Information Technology
regulatory framework for privacy concerns. 43A covers Rules were passed in 2011. These
electronic commerce. IT Act compensation & fines up to INR 50 rules are the basis of Privacy
2000 addresses computer crime, million. 72A covers consent, contract related regulatory framework in
hacking, damage to computer violation & imposes up to 3 year jail India.
source code term and fine.

The Personal Data Digital Personal Data Digital India Act (July 2023) Other local and global
Protection Bill, 2018 (27 Protection Bill (18 The act is a new legislation that laws
July 2018) November 2022) aims to overhaul the decades-old Depending on the Industry sector
In 2017, the Supreme court issued In 2022, the Personal Data Information Technology Act, 2000. and regions of operations of an
a historic ruling decreeing that a Protection Bill, 2019 was The Digital India Act, which is a organisation, further Data Privacy
right to privacy is part of the withdrawn by the central proposed legislation as of July 2023, laws or requirements of local
fundamental rights to life and government. MeitY released its will fully replace the current regulators and other countries
liberty enshrined in Article 21 of much-awaited personal data Information Technology Act (IT Act) maybe applicable. E.g. Financial
the country's constitution. The protection bill, i.e., the Digital of 2000, which has faced criticisms sector organisations also need to
Personal Data Protection Bill 2018 Personal Data Protection (DPDP) for its outdated policies and comply with requirements of RBI
submitted by the Justice B N Bill, 2022 (DPDP Bill) on 18 inadequacies in dealing with guidelines
Srikrishna
Page 10 committee was a key November 2022 Data Privacy Trainingmodern-day
Session
technological issues
step towards Data Privacy in India.
 Emergence of the Digital Personal Data Protection (DPDP) Bill
July 2017 August 2018 JPC unanimously suggested 3 August 2022 3 January 2023
A 10-member committee under The Srikrishna that the bill should expand The Personal Data The DPDP Bill,
retired Supreme Court judge B.N. committee submitted its its ambit and focus on Protection Bill, 2019 2022 was open for
Srikrishna was set up to examine the draft report to IT minister overall data protection that was withdrawn by public comments
need for a data protection law in India Ravi Shankar Prasad in In covers both personal and the central
and create a framework for it August 2018. non-personal data government

Aug Dec Nov Nov

Jul 2023
2017 2019 2021 2022
Aug Nov Aug
Jul 2017 Jan 2023
2018 2020 2022
22 November 2021
August 2017
After two years of
The groundwork for this bill
December deliberations and 18 November 2022 7 July 2023
was laid by an August 2017
extensions, the JPC finally
judgment by the Supreme 2019
PDP bill was tabled in MeitY released its much- Union cabinet
adopted its report
Court that identified the Indian parliament awaited personal data approved the
privacy as a fundamental by MeitY in December protection bill, i.e., the draft data
right 2019 Digital Personal Data protection Bill, it
It highlighted the inadequacies of the Protection (DPDP) Bill, is likely to be
November introduced in
Information Technology (IT) Rules, 2011 (IT 2022 (DPDP Bill)
Act 2000) in dealing with new challenges of 2020
JPC proposes widening the scope of data Parliament in
data protection. The committee said that the protection the upcoming
definition of sensitive personal data under monsoon
the IT act was narrow and it left out several session.
categories of personal data from its
protective remit

Page 11 Data Privacy Training Session

Applicability of Digital Personal Data Protection (DPDP) Bill
The objective of the bill is to ensure a free and fair digital Indian economy and it is seen as an critical step
in setting up a privacy framework which gives the Indians full freedom to protect their personal data.

Establishing applicability

Establishment in India
Any Indian company,
Indian citizen or
person or body of
persons… Processing of “digital” personal data where such data has been collected from data
subjects online, or collected offline and then digitised within the territory of India

Offering goods and

Services

Processing of digital personal data outside the territory of India, if such processing is
….involved in in connection with any profiling of, or activity of offering goods or services to Data
processing of Principals within the territory of India
personal data.

Page 12 Data Privacy Training Session

Overview of Digital Personal Data Protection (DPDP) Bill

Applicability of DPDP Bill:

1. Collected within India
(i) through online mode
(ii) offline mode but is then digitized
2. Collected outside India: If such processing is in connection with profiling of, or activity of offering goods or services to data
principals within India

The individual to whom Any person who alone or Any person who Any data fiduciary or
the personal data in conjunction with other processes personal data class of data fiduciaries
relates and where such persons determines the on behalf of a Data may be designated by
individual is a child purpose and means of Fiduciary the Central Government
includes the parents or processing of personal as a “Significant Data
lawful guardian of such data Fiduciary” after taking
a child. into account the volume
and sensitivity of
personal data
processed, risk of harm
to the data principal or
electoral democracy,
impact on national
sovereignty and
security, and public
Data Principal Data Fiduciary Data Processor Significant Data Fiduciary
order.

Page 13 Data Privacy Training Session

Digital Personal Data Protection (DPDP) Bill – Snapshot
Grounds for Notice Consent Significant data
processing Provide Obtain fiduciaries
digital personal information consent Understand and comply
data before collection for with the requirements
Process for a lawful processin for significant data
purpose g fiduciaries

Manage data breaches Limit storage of data

Build capability to detect, Data fiduciaries need to identify the
analyze and report data retention periods of personal data
breaches and conduct regular reviews to
ascertain the need to retain
Digital personal data
Personal
Data Process child’s personal data
Security measures Protectio only on “verifiable” parental
Update security safeguards n Bill, consent
and implement additional 2022
controls for adequate
protection of personal data.

Provide contact
information of Data principal
the Data Data rights
Protection International Build capabilities to
Protection
Officer Data transfer as provide rights to
Board of
per notification by data principals
India
Government
Page 14 Data Privacy Training Session
Penalties of Digital Personal Data Protection (DPDP) Bill
Determining the amount of penalty for non-
compliance identified as per Schedule 1
Penalties as per the Subject Matter of non-compliance
Schedule I While determining the amount of a financial
As per Section 25, if the Board determines on conclusion of an inquiry that non-compliance by penalty to be imposed, the Board shall have regard
a person is significant, it may, after giving the person a reasonable opportunity of being heard, to the following matters:
impose such financial penalty as specified in Schedule 1, not exceeding rupees five hundred
crore in each instance • The nature, gravity and duration of the
non-compliance
Non-compliance subject matter Penalty • The type and nature of the personal data
affected by the non-compliance
Failure of Data Processor or Data Fiduciary to take reasonable security
up to Rs • Repetitive nature of the non-compliance;
safeguards to prevent personal data
250 crore
breach under sub-section (4) of section 9 of this Act • Whether the person, as a result of the non-
Failure to notify the Board and affected Data Principals in the event of a compliance, has realized a gain or avoided
personal data breach, under sub-section (5) of section 9 of this Act Up to 200 any loss
Non-fulfilment of additional obligations in relation to Rs 200 crore Children; crore • Whether the person took any action to
under section 10 of this Act mitigate the effects and consequences of the
Non-fulfilment of additional obligations of Significant Data Fiduciary; under up to Rs non-compliance, and the timeliness and
section 11 of this Act 150 crore effectiveness of that action
Non-compliance with section 16 of this Act Up to 10 K • Whether the financial penalty to be imposed is
proportionate and effective, having regard to
Non-compliance with provisions of this Act other than those listed in (1) to up to Rs 50
(5) crore achieving compliance and deterring non-
compliance with the provisions of this Act
• The likely impact of the imposition of the
financial penalty on the person

Page 15 Data Privacy Training Session

Impact and
Roadmap
 Overall impact of Digital Personal Data Protection (DPDP) Bill on
organizations

1 2 3 4
1 Multiple legacy
Organizations may systems may require Clear customer
Transparenc
Responsibility between
have to evaluate how alignment with the consent and training
y and organizations and
much personal data new privacy norms. and awareness for
8 accountabili 2 the third parties will
Data needs to be stored and Organizations will have dealing with
ty have to be clearly
principal ensure its segregation to consider privacy by customer requests
Privacy by defined in-line with the
rights from other types of design while and complains will be
design bill
data processing personal required
data

Clear 3 O V E R A L L I M PA C T
7 Cross border Impact on customer
transfers
Organizations consent

Profiling and AI based

Multiple data points tracking may have to Organisations will have
Organizations will have
about a customer be revamped to to to update their
to gain visibility over
needs to be in a promote consent processes and
Profiling solutions undertaking
Third party structured, commonly framework, purpose technologies to be
cross-border transfer
management used and machine- and storage able to fulfil data
of personal data
readable format limitation and data principal rights
6 Data 4
minimization
discovery
5 6 7 8
5

Page 17 Data Privacy Training Session

Roadmap to compliance

EVALUATE CURRENT UNCOVER THE RISKS TAKE QUICK ACTION

ENVIRONMENT  Develop an inventory of systems,  Communicate regulatory changes
 Identify and empower an individual controls, and procedures to and their potential impact to
(DPO) within your organization to be understand where personal data are internal stakeholders to raise
the contact point (internal, processed and which specific controls awareness and obtain senior-level
external, regulatory), to monitor, (e.g., data usage) exist. support.
report and plan for changing legal  Assess available privacy and data  Develop a risk-based remediation
obligations and establish consistent protection methods and shortlist strategy and roadmap
messaging. the method(s) that meet the
 Evaluate risk exposure and prepare requirements of your organization.
for potential inquiries from stakeholders  Assess your current state (e.g.,
like the Authority (to be established), compliance with existing
clients or employees etc. requirements from IT Act 2000, IT
 Discover personal data being Rules 2011 etc. and the draft bill, third
processed and gather existing party sharing, etc.).
documentation on data processing
operations, including data transfers,
data protection, technical and
organizational safeguards etc.

Page 18 Data Privacy Training Session

Our solution
offering
EY Data Protection & Privacy (DPP) Service Offerings

Supporting clients PRIVACY PROGRAM ACTIVATION Dedicated

with Data Protection

► Local/regional and Global Data Privacy program strategy &
compliance
120+ Data
Protection 175 Engagemen
ts delivered
and
and Privacy to ensure
sustained growth
► Data privacy assessments, implementation, operationalization,
monitoring & sustenance
Privacy
profession +
► Data privacy audits Supporting global
als and local laws and
Data Protection & Privacy needs are ► Data privacy technology enablement regulations across regions including
evolving across industries driven by
► ISO 27701 readiness and certification support
► EU - GDPR ► New Zealand Privacy Act
► Training and awareness
technological developments, ► India PDPB ► Japan APPI
► DPO as a service
proliferation of digital devices, ► Managed Privacy services including
► Singapore PDPA ► China PIPL
growing data complexity, surging ► Data Protection Impact assessment (DPIA)
► Brazil LGPD ► South Africa POPIA
commercialisation of data, business ► Data inventorisation
► Canada CPPA
diversification and changes in ► Data subject rights management

regulatory landscapes. ► Privacy by Design (PbD) Solutions Industries served

► Breach management & notification ► OneTrust ► Banking and Financial Services
Organizations are rapidly ► Record of Processing Activities (ROPA) ► BigID ► TMT
reinventing their business models ► Data transfers ► Usercentrics ► Life sciences and health care
and embracing digital technologies ► Third party privacy management, etc. ► Symantec ► CHS
such as internet of things, artificial INFORMATION PROTECTION ► IBM ► AMI
► Data governance
intelligence, data analytics and ► Collibra ► Travel and Hospitality
► Data discovery
enterprise integration with ► Anonos ► E-commerce
► Data classification
operational technology data. These ► Data Loss prevention
► TrustArc
technologies generate, process and ► Data encryption
► Securiti Certifications held by the team
hold large volumes of data which ► Data masking & tokenization ► SecuPi ► CIPP/E ► ISO 27001 LI/LA
adds complexity in its management ► Data retention and disposal ► Blancco ► CIPM ► CISA
in line with the ever-increasing ► Data localisation ► CIPT ► CISM
regulatory landscape. Therefore, ► Data Lake security
► FIP ► ITIL v3
Data Protection and Privacy become
► Meta Data management
► Managed Information protection services
► BS10012 PIMS ► OTCP
critically important to effectively ► ISO 27701 LI/LA
manage data and maintain
consumer trust.
Page 20 Data Privacy Training Session
List of certifications in data protection
Certifications in cyber
Certifications in privacy
security
• Certified Information
Security Manager (CISM)
Certifications in data management
• Information Technology
• Certified Information Privacy
Infrastructure Library (ITIL
Professional (CIPP/E)
v3)
• Certified Information Privacy
• Certified Ethical Hacker
• DAMA Certified Data Management Manager (CIPM)
(CEH)
Professional (CDMP) • Certified Information Privacy
• Certified Information
• Data Governance and Stewardship Technologist (CIPT)
Security Auditor (CISA)
Professional (DGSP) • BS10012 Personal
• Certified in Risk and
Information Management
• Informatica Master Data Management Information Systems Control
System
(CRISC)
Administrator Certified Professional
• Certified Cloud Security
• Informatica Master Data Management Professional (CCSP)
Developer Certified Professional
• SAP Certified Application Associate – SAP Importance of data protection certifications in
organizations
Master Data Governance Along with the data protection existing understanding,
pursuing certifications in the field strengthens career
opportunities
• Proof of knowledge
• Certified professional
• Unique set of skills

Page 21 Data Privacy Training Session

Questions?
Our Offices
Ahmedabad Delhi NCR Kolkata
22nd Floor, B Wing, Privilon Ground Floor 22 Camac Street
Ambli BRT Road, Behind Iskcon 67, Institutional Area 3rd Floor, Block ‘C’
Temple, Off SG Highway Sector 44, Gurugram - 122 Kolkata - 700 016
Ahmedabad - 380 059 003 Tel: + 91 33 6615
Tel: + 91 79 6608 Haryana 3400
3800 Tel: +91 124 443 4000
Mumbai
Bengaluru 3rd & 6th Floor, Worldmark-1 14th Floor, The Ruby
12th & 13th floor IGI Airport Hospitality District 29 Senapati Bapat Marg
“UB City”, Canberra Block Aerocity, New Delhi - 110 037 Dadar (W), Mumbai - 400 028
No.24 Vittal Mallya Road Tel: + 91 11 Tel: + 91 22 6192
Bengaluru - 560 001 4731 8000 0000
Tel: + 91 80 6727
5000 4th & 5th Floor, Plot No 2B 5th Floor, Block B-2
Tower 2, Sector 126 Nirlon Knowledge Park
Ground Floor, ‘A’ wing Gautam Budh Nagar, U.P. Off. Western Express Highway
Divyasree Chambers Noida - 201 304 Goregaon (E)
# 11, Langford Gardens Tel: + 91 120 Mumbai - 400 063
Bengaluru - 560 025 671 7000 Tel: + 91 22 6192
Tel: + 91 80 6727 0000
5000 Hyderabad
THE SKYVIEW 10 Pune
Chandigarh 18th Floor, “SOUTH LOBBY” C-401, 4th floor
Elante offices, Unit No. B-613 & Survey No 83/1, Raidurgam Panchshil Tech Park, Yerwada
614 Hyderabad - 500 032 (Near Don Bosco School)
6th Floor, Plot No- 178-178A Tel: + 91 40 Pune - 411 006
Industrial & Business Park, Phase- 6736 2000 Tel: + 91 20 4912
I 6000
Chandigarh - 160 002 Jamshedpur
Tel: + 91 172 1st Floor, Shantiniketan
6717800 Building
Holding No. 1, SB Shop Area
Chennai Bistupur, Jamshedpur – 831
Tidel Park, 6th & 7th Floor 001
A Block, No.4, Rajiv Gandhi Salai Tel: + 91 657
Taramani, Chennai - 600 113 663 1000
Tel: + 91 44 6654
8100 Kochi
9th Floor, ABAD Nucleus
NH-49, Maradu PO
Kochi - 682 304
Tel: + 91 484
433 4000
Ernst & Young LLP
EY | Building a better working world

EY exists to build a better working world, helping to

create long-term value for clients, people and society
and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in
over 150 countries provide trust through assurance
and help clients grow, transform and operate.
Working across assurance, consulting, law, strategy,
tax and transactions, EY teams ask better questions to
Building a
find new answers for the complex issues facing our
world today.
EY refers to the global organization, and may refer to
better
one or more, of the member firms of Ernst & Young
Global Limited, each of which is a separate legal entity.
Ernst & Young Global Limited, a UK company limited by
working world
guarantee, does not provide services to clients.
Information about how EY collects and uses personal
data and a description of the rights individuals have
under data protection legislation are available via
ey.com/privacy. EYG member firms do not practice law
where prohibited by local laws. For more information
about our organization, please visit ey.com.
Ernst & Young LLP is one of the Indian client serving member firms of EYGM
Limited. For more information about our organization, please visit
www.ey.com/en_in.

Ernst & Young LLP is a Limited Liability Partnership, registered under the Limited
Liability Partnership Act, 2008 in India, having its registered office at Ground Floor,
Plot No. 67, Institutional Area, Sector - 44, Gurugram - 122 003, Haryana, India.

© 2023 Ernst & Young LLP. Published in India.

All Rights Reserved.

This publication contains information in summary form and is therefore intended

for general guidance only. It is not intended to be a substitute for detailed
research or the exercise of professional judgment. Neither EYGM Limited nor any
other member of the global Ernst & Young organization can accept any
responsibility for loss occasioned to any person acting or refraining from action as
a result of any material in this publication. On any specific matter, reference
should be made to the appropriate advisor.
Need for the Digital India Act, 2023
The IT Act was originally designed to protect e-commerce transactions and define cybercrime, however, India does
not have a comprehensive legislation/act to deal with cyber incidents and processing of data in the digital world

 Multiple revisions and amendments (IT Act Amendment of 2008, IT Rules 2011) have been made in attempts to
define the digital space in which it regulates while trying to put more emphasis on the data handling policies
IT Act would fail to keep  However, because the IT Act was originally designed only to protect e-commerce transactions and
up with the growing define cybercrime offenses, it did not deal with the nuances of the current cybersecurity landscape adequately
sophistication and rate of nor address data privacy rights
cyber-attacks  The Digital India Act will fully replace the current Information Technology Act (IT Act) of 2000 by
2023, which has faced criticisms for its outdated policies and inadequacies in dealing with modern-day
technological issues

Implementing the  The two legislations will work in tandem with each other, with the Digital Personal Data Protection
Digital India Act Bill focusing solely on the processing personal data in India
alongside the Digital
 Purpose is to address the “processing of digital personal data in a manner that recognizes both the right of the
Personal Data
individuals to protect their personal data and the need to process personal data for lawful purposes.”
Protection Bill, 2022

Page 25 Data Privacy Training Session

Purpose of the Digital India Act
The DIA focuses on the aspects of the data processing policies and procedures in the digital world along with
incorporating the upcoming technologies including 5G, IoT, cloud computing etc.

0 1
Acts as catalyst for
Indian economy by
0 2
Regulates all
aspects of the
0 3
Creates new
regulations around
enabling more digital world and newer technology,
innovation, start- data processing including 5G, IoT
policies devices, cloud
ups, protecting
computing,
the citizens of metaverse, blockchain,
India in terms of and cryptocurrency
safety, trust, and
accountability

The draft of the Digital India Bill is set to undergo public consultation in July.
The need for a new regulatory landscape has arisen from India’s digital revolution — which has rendered the current
regulatory landscape outdated

Page 26 Data Privacy Training Session