:: Compliance with India's Digital Personal Data Protection Act 2023 ::

Our Managing Partner (Monish G Chatrath) was recently invited to address a gathering of CEOs & CFOs of the IMA Forum in Bengaluru on the complexities of complying with the Digital Personal Data Protection Act 2023 ('DPDP'). During this session, Monish provided insights on various aspects of the DPDP and shared his expertise on how businesses can navigate compliance requirements relating to the same.

Since this was a closed-door session, we would not be providing a recording of the entire session; and instead have embedded a link that provides the context (click here to view the same) and provided a summary of the main aspects covered in this session (in the ensuing sections).

We trust that this will be beneficial for those who were unable to attend the session.

Way forward …

We had stated this in our previous thought leadership on the DPDP and would like to reiterate that data privacy and protection laws have a significant impact on organizations - structurally, procedurally, and across functions. As organizations adapt to a wide range of regulations, often with varying requirements and restrictions, they also realize that data breaches come with their own unique set of consequences.

While it is advisable to conduct a complete readiness assessment to ascertain the nature and extent of measures that your organization should implement for compliance with the DPDP, specific initial measures that you should undertake are the identification of (a) data principles (whose personal data are you collecting); (b) types of people in your database (such as if the data subjects are employees, customers, clients or otherwise), while placing special attention to vulnerable individuals (such as children or those diagnosed as mentally ill); (c) categories of personal data; (d) sources of data; (e) purposes for which data is processed; (f) data retention measures & period; (g) data storage and security measures; (h) third parties who have access to your database; & (i) the nature and type of information at risk for cross-border transfers.

Should you require any clarifications or assistance, please do not hesitate to reach out to us at contactus@mgcglobal.co.in.

Best regards

Markets Team

MGC Global Risk Advisory

About MGC Global Risk Advisory

Recognized as one of the "10 most promising risk advisory services firms" in 2017, as the "Company of the Year" in 2018 &, 2019' (both in the category of risk advisory services), one of the "Top Exceptional Companies to Work For" in 2020, amongst the "Top 25 Customer Centric Companies" in 2020, "The Consultant of the year" in 2021 (in the category of risk advisory services) and "Top Exceptional Leaders in Risk Advisory Services" in 2023; MGC Global is an independent member firm of the ~US$ 5 billion, Atlanta headquartered - Allinial Global.

MGC Global provides services in the areas of internal audits, enterprise-wide risk management, control assessments (SOC, IFCR & SOX), process re-engineering, governance frameworks, IT risk advisory, GDPR, VAPT, ISO readiness, cyber security, vCISO, CxO transformation, forensic, ESG & CSR services.

Our firm has the capabilities to service its clients through its offices in Bengaluru, Mumbai, NCR; and has service arrangements in all major cities in India.

About Allinial Global

Allinial Global (formerly PKF North America) is currently the world's second-largest member-based association (with collective revenues of approximately USD 5 billion) that has dedicated itself to the success of independent accounting and consulting firms since its founding in 1969. It currently has member firms in over 105 countries, who have over 28,000 professional staff and over 6,000 partners operating from nearly 700 offices across the globe.

Allinial Global provides its member firms with a broad array of resources and support that benefit both its member firms and their clients in the key impact areas of learning and development, human resources, international outreach, technical support, knowledge-sharing platforms through its specialized communities of practice, marketing resources, information technology and best practices in practice management.