Groundwork on for data protection board, online office software is ready: IT Secretary
New Delhi: The government has begun groundwork to establish procedures and modalities for appointing members to the proposed Data Protection Board of India, while the software needed to run the body as a fully online office is already ready, IT Secretary S Krishnan said.
Responding to queries on whether compliance timelines for large technology firms could be shortened under the new data protection regime, Krishnan said the government is consulting industry stakeholders to assess their preparedness. Given the complexity of the issue and its impact across the digital ecosystem, the government’s priority is to ensure that implementation does not cause disruption, he added.
On the Data Protection Board, Krishnan said the process to identify members and invite nominations has started and is currently being worked out for approval. “We’ve started putting in place the way to identify members and call for nominations for the positions the board would need,” he said, adding that the government is ready with the software required for a completely online functioning of the board.
Krishnan noted that during consultations, large companies have not expressed discomfort with any specific aspect of the proposed timelines. “We’ve asked them to indicate when they will be ready and to flag specific concerns, because this is complex,” he said.
The Digital Personal Data Protection (DPDP) Act envisages the creation of the Data Protection Board of India to monitor compliance, inquire into data breaches, impose penalties and direct remedial or mitigation measures. The board will function as an independent body and play a central role in enforcing rights under the Act and maintaining trust in the digital ecosystem.
Under the recently notified DPDP Rules, the central government will constitute a search-cum-selection committee, headed by the Cabinet Secretary, with the Law Secretary, the IT Secretary and two domain experts as members, to recommend names for appointment as chairperson. A separate committee, chaired by the IT Secretary and including the Law Secretary and two domain experts, will recommend names for board members. Appointments will be made by the central government after considering the recommendations.
The board is expected to be operational in the coming months, though no specific timeline has been indicated.
The DPDP Act lays down rules for digital data processing, defining rights and duties, and imposes steep penalties, including fines up to Rs 250 crore for security lapses.