Brace yourselves for India's DPDP Act

India’s Information and Broadcasting Minister Ashwini Vaishnaw told the media on August 19 that the central government is expected to release a draft of the rules under the Digital Personal Data Protection Act (DPDP Act) within a month. This will be followed by public consultation, feedback and changes. With the imminent release of the DPDP Act's draft rules, Indian enterprises are gearing up for a significant shift in their data management practices. The Act's impending implementation presents both challenges and opportunities, requiring organizations to prioritize data governance and compliance. Are you ready for it?

The exponential growth of data in India has amplified the need for robust data governance strategies. By establishing clear data policies, procedures, and technologies, organizations can mitigate risks, protect customer trust, and achieve long-term business sustainability.

DPDP Act: A Catalyst for Change

The DPDP Act serves as a catalyst for organizations to reassess their data management practices. Compliance with the Act's requirements necessitates a comprehensive approach that addresses people, processes, and technology.

Data Governance: This is an overarching concept that includes data protection as one of its elements. It focuses on managing data availability, usability, integrity, and security while maintaining customer trust. It requires setting up a data management office, identifying its chief, and building the fortress by embracing good data governance practices. Compliance challenges such as GDPR and DPDP are reminders to constantly evaluate your data landscape and maintain best practices through continuous upgrades and improvement.

So, is the DPDP Act yet another headache for enterprises? Will it impact profitability, or is it a golden opportunity to reduce the mess and streamline data governance to build long-term trust and a sustainable business?

There is no silver bullet to magically secure all your data assets and become 100% compliant overnight. The path to DPDP compliance goes through the PPT framework: People, Process and Technology. Let’s look at the key dimension, technology, and how it can enable the People and Processes and accelerate the implementation of data governance to fulfil the obligations of the DPDP Act.

Data Discovery and Classification

Enterprises have grown organically as well as inorganically. The first step is to take inventory of all data assets and know their location, usage and value. Today’s enterprises work in disparate silos, so it is even more important to create a central repository of data through discovery and classification.

Data Cataloguing

The inventory of all information assets, whether structured, semi-structured or unstructured, must contain classification and cataloguing for better governance. Every use case requires each data element to be identified in a context. For example, you will need to identify personally identifiable information (PII), Protected Health Information (PHI) or Payment Card Industry (PCI) data. The sensitivity and confidentiality of data elements are paramount, and classification helps organize the data according to its importance and usage.

Data Lineage

Do you know where the data goes from the moment it enters your boundaries? Each data element moves through various applications and domains, systems and environments, persons/roles and groups. Wouldn’t it be useful to have a visual representation of your data lineage while at rest and in motion? Knowing the path that a data element traverses, especially data to be protected, along with the transformations and their whys and hows, helps in identifying potential weaknesses in data protection or usage, leakages, breaches etc., and allows you to contain and control data movement, minimizing the risks.

Data Access and Protection

Most enterprises have common identity management systems, AD/LDAP, for storing user and role credentials and managing identities. Role-based access, though, is managed by the respective applications, environments and databases. This makes it extremely messy to take stock of all the data access points and logs across the organization. Besides, regulatory and compliance requirements keep adding difficulty through constant amendments and improvements. This calls for centralized policies for data access across the enterprise. Tools that can help create and manage access policies and role-based access controls, with whitelisting, greylisting and blacklisting of access through a single pane, will emerge as essentials.

Sometimes sensitive information cannot be isolated from the rest of the attributes, so data masking, encryption or data anonymisation becomes a necessary capability for data protection. Emerging technology such as AI can bring substantial ease in operations by automatically identifying sensitive data and pseudonymising it (producing a look-alike of production data) using various GANs (Generative Adversarial Networks).

It is a powerful technique for creating production-like (but not production) test data, or even for archived data beyond the archival date, and it almost eliminates the risk of data breach from lower or non-production environments and de-classified data. Even though the regulator mandates that you archive or destroy data beyond the expiry date, you may want to keep it for specific usages or even require it to feed your AI/ML models.

Consent & Other Customer Rights

This requirement is still evolving, and it depends entirely on the usage of data. Every use case needs to be built for managing consent and other customer requests made in the form of customer rights. Develop mechanisms to obtain and manage customer consent for data processing. These capabilities will allow enterprises to be accountable to customers and respond within the stipulated timeframes. It may look non-critical, but it is a time- and effort-draining task, and enterprises may not want their business workforce to spend energy thinking about what needs to be done and how.

Continuous monitoring and audit

Today, when enterprises invest substantial amounts in deploying tools for Application Performance Monitoring (APM) and cyber security (SIEM), it is equally important to build central monitoring and auditing capabilities to monitor sensitive data at rest and in motion, and to look out for access logs and potential breaches or weaknesses in the system for immediate intervention.

DPDP is here for the greater good and presents a significant opportunity for Indian enterprises to strengthen their data governance practices and build a more secure and compliant data ecosystem. By adopting a holistic approach that addresses people, processes and technology, enterprises can navigate the challenges of compliance, substantially improve data quality and integrity, and leverage data as a strategic asset. Compliance with the DPDP Act will enhance customer confidence and loyalty, driving sustainable business growth.

About Author

Ajay Malgaonkar

About Prolifics

  • Prolifics is a digital engineering company offering digital solutions to global customers.

  • Based on its experience of working with global clients in implementing data governance solutions to comply with GDPR, CCPA and many other regulatory requirements, Prolifics has built expertise, tools, accelerators and IPs to accelerate DPDP readiness for Indian companies.

  • Prolifics' experience and partnerships with leading platform vendors such as IBM, Manta, BigID, OneTrust etc. make it the right partner of choice for Data Governance.

  • Prolifics can also offer highly economical solution components using industry-leading open-source frameworks.

Want to know more? Please write to [email protected].
