The Indian government is determining transition periods to comply with its freshly passed data protection law based on how large and mature companies have demonstrated capacity to comply with the EU's GDPR and other privacy laws, said MoS for IT Rajeev Chandrasekhar at a Digital India Dialogue on the law held in New Delhi today. "We believe they [large and mature companies] don't require that much time to transition," he said. Chandrasekhar added that companies may be given more time to transition if they have to make significant architectural changes to comply with the law. Today's consultation saw industry members share their concerns over various provisions of the Digital Personal Data Protection Act, 2023, including the compliance timelines prescribed in it. Currently, "different types of entities will have different timelines to comply with different provisions" of the law. 1. Three broad types of data fiduciaries to be considered when drawing up timelines: Aside from "large" and "mature" companies, Chandrasekhar fleshed out two other categories that may be considered: "There is another category within the industry that is dealing with personal data, but are really not...the 'digital companies' in that sense. They are hospitals, they're MSMEs, they are manufacturing companies. They, in my opinion, should be given a little bit longer time to adapt to this new world order of digital privacy... And then there is the third [tier] who are the public sector government-linked organisations that are certainly at the bottom of the pyramid in terms of their [data protection]…
