Companies may get 1-year to comply with Digital Personal Data Protection Act

The Digital Personal Data Protection Bill, 2023, was passed by both Houses of Parliament in the Monsoon session.

Published: 21st September 2023 10:35 AM  |   Last Updated: 21st September 2023 10:40 AM   |  A+A-

DATA, DATA protection

Image used for representational purpose only. (File Photo)

By Express News Service

NEW DELHI:  The government is expected to provide a maximum of one year for entities to comply with the norms of the Digital Personal Data Protection Act 2023. The government will also establish a Data Protection Board and issue guidelines for eight rules, including consent management, within the next month or 45 days. “Once we receive submissions from industry stakeholders, we will make a decision regarding the transition period for companies.

However, one thing is certain: We will not grant two years or 18 months of time as demanded by industry representatives,” said Rajeev Chandrasekhar, Minister of State for Electronics and IT. While speaking with industry representatives from tech companies such as Meta, Lenovo, Dell, Netflix, and others, the minister said the rules would be implemented in a graded manner. He added that large technology companies such as Meta, Twitter or any others would be given less time to comply, while start-ups and MSMEs would be granted more time to adopt the law. 

“These small start-ups and MSMEs require additional time to adapt to the new law. While I don’t believe that large companies like Meta or Twitter need more time to comply, as they are already well-equipped and technically capable of adopting the new law,” added the minister.

The Digital Personal Data Protection Bill, 2023, was passed by both Houses of Parliament in the Monsoon session. The Act mandates to protect the privacy of Indian citizens. According to the law, data collected from citizens should only be used for the purpose for which it was collected, and the amount of data collected should be limited to what is necessary. 

The act also proposes a penalty of up to Rs 250 crore for entities that misuse or fail to protect the digital data of individuals. In case of any grievances, individuals will have the option to approach the Data Protection Board, which will process complaints in accordance with the norms of the act.

Follow The New Indian Express channel on WhatsApp


Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on are those of the comment writers alone. They do not represent the views or opinions of or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. reserves the right to take any or all comments down at any time.

flipboard facebook twitter whatsapp