Excerpt from MINT Article – Published on Oct 04, 2023

A recent report by PwC India sheds light on the compliance status of Indian companies with the Digital Personal Data Protection (DPDP) Act, effective since August 11. Out of the 100 Indian enterprise websites analyzed, only 41 acknowledged users’ rights to access, correct, and erase personal data, with merely 9 obtaining free, specific, and informed consent from users, according to PwC India.

Although 90% of organizations presented users with a privacy notice during data collection, PwC notes that this doesn’t necessarily indicate a robust data privacy framework. Regarding third-party data transfers, 43% failed to provide clear reasons for sharing personal data with external processors.

Key findings from the report include:

Consent: Only 9% collected ‘free, specific, and informed’ consent, often bundled for multiple purposes. Withdrawal processes were challenging, and a mere 2% obtained consent in multiple regional languages.

Cookies: 16% displayed cookie consent banners, while 33% informed users about cookie usage. The IT, hospitality, and aviation sectors excelled in cookie consent practices.

Privacy Notices: 90% displayed privacy notices, but only 54% mentioned the retention period. Merely 2% provided privacy policies in multiple languages.

User Rights: 41% showcased user data rights, with an explanation of how to exercise them. However, support avenues like dedicated email addresses were lacking.

Breach Notification: Only 4% had mechanisms for breach notifications, primarily observed in the IT and fintech sectors.

Data Protection Officer: 74% posted contact details for data queries, with 54% proactively providing details of their Data Protection Officer (DPO).

Data Retention: 54% of sectors like fintech, e-commerce, IT, banking, insurance, and aviation disclosed data retention periods.

Children’s Personal Data: Only one in ten schools provided customized privacy notices for children, verifying age before processing data. Online services and product providers lacked age-appropriate notices or age verification.

PwC India suggests that investing in compliance now will bolster organizations for the future, fostering customer confidence and global competitiveness.

To delve deeper into this topic, please read the full article on MINT.