With the Union Cabinet clearing the path for the Personal Data Protection (PDP) Bill to be tabled in the Parliament, India has reached one step closer to the privacy protection regime. The bill, once passed, will bring India at par with other leading markets like the European Union (EU) where the General Data Protection Regulation (GDPR) came into effect in 2018. Like the GDPR, the PDP Bill contains broad guidelines on collection, storage and processing of personal data by data fiduciaries or organisations owning customer/employee data.
While the Supreme Court upheld the right to privacy of Indian citizens in 2017, it is now that the actual effect of the SC’s judgment will be visible across all walks of business. Until now, customer data has been a low-hanging fruit, which businesses could exploit to market, pitch and sell their products or services in the digital ecosystem. In many instances, they have had the liberty to sell and monetise data in their possession without any questions being asked. But things are set to change. If the PDP Bill becomes a law, which is highly likely, digital marketing will no longer be the same. Digital marketers will need to toe the line as per the provisions of the bill.
So, what should brands and businesses do to set their house in order before the passage of the bill and gain an edge over competition?
1. Go by the toughest privacy regulations
Know your data in the first place. Identify the places where it resides and the techniques being employed to use it. Work with the teams who handle it and understand the current data types. Finally, adopt a data privacy programme that adheres to the strictest laws, such as the GDPR, the UK’s Privacy Protection Act and the California Consumer Protection Act (CCPA). The PDP Bill has many similarities with the global regulations. Adherence to the highest standards will help organisations in India to continue with business as usual even once India adopts its own regulation. You should be mindful of a piecemeal or case-to-case approach as maintaining a jumble of separate privacy policies will prove to be costlier and riskier of. Your privacy programme, if built on the highest global standards like the GDPR, will help you function not only in India but also in the global markets. The programme should, however, be tailored to your type of business.
2. Know your data by employing data mapping
As prescribed in the PDP Bill, the Data Protection Authority will be the watchdog/regulator for privacy-related matters in India for all sectors. Given the nature of your business, it is probable that your organisation faces several access requests by data principals, which you need to fulfil in a limited timeframe. If your data has not been mapped adequately, you might end up violating the timelines, thereby inviting fines and penalties. Employ data-mapping techniques to store your data so that it is possible to fetch the details whenever the regulator demands.
3. Build trust to be a better digital marketer
Data is now available at the click of a button in any corner of the globe and it’s exactly this flexibility that has caused immense concerns around protecting its confidentiality and integrity. Thus, building trust becomes critical for digital marketers, although it requires a few steps to be taken in light of the provisions prescribed in the PDP Bill. As a digital marketing firm, you will need to consider the following aspects:
Data segmentation or classification is important as the bill mentions the requirement of storing and processing of critical data within the nation’s geographical boundaries. Sensitive data may be processed outside with the explicit consent of the data principal. There is no limitation on the storage and processing of general data.
The impact of the PDP Bill is going to be visible across industries and sectors, and more so in the domain of marketing as the new regulation will give every customer in India increased control over his or her personal data. This regulation requires digital marketers who rely heavily on collected data to retrace their footsteps and ensure compliance, particularly with respect to the points discussed above.
Partner and Leader, Cyber Security, PwC India
Tel: 022 66 691 559
Partner, Cyber Security, PwC India
Tel: +91 98 1075 5426