In a recent development, the Ministry of Electronics and Information Technology (MeitY) made an announcement on September 20, appointing Sanket S Bhondve, an IAS officer currently serving as a joint secretary in the ministry, as Officer on Special Duty (OSD) for the establishment of the Data Protection Board under the Digital Personal Data Protection (DPDP) Act, as per a report by Moneycontrol.
Earlier in the day, MoS IT Rajeev Chandrasekhar reportedly stated that the government plans to officially notify the Data Protection Board (DPB) within the next 30 days.
Despite the DPDP Act being enacted as law, its implementation is pending. In the near future, in addition to the DPB notification, the government intends to issue operational rules and establish specific timelines for data fiduciaries to comply with this legislation.
According to an official order from MeitY, Bhondve, presently a joint secretary in MeitY's DigiGov wing, will collaborate with the Cyber Laws and Data Governance Division of the ministry to set up the DPB.
Prior to his appointment to MeitY in July 2023, Bhondve served as a private secretary to the Minister of Road Transport and Highways.
The Data Protection Board is slated to be the central body responsible for enforcing the DPDP Act. Notably, it will play a crucial role in taking action against data fiduciaries for non-compliance with the Act or in cases of data breaches.
The chairperson and members of the DPB will be appointed by the central government. Criticisms have been voiced regarding the DPB's authority to request the removal of content, a move recently made by the government.
Meanwhile, Chandrasekhar said on Wednesday that some entities may be given a year’s time to fine-tune their systems to comply with the DPDP bill. On forming the Data Protection Board and key rules, the minister said that these will be placed within 30 days. In the first ‘Digital India Dialogue’ discussions on the recently enacted Digital Personal Data Protection Act with key industry stakeholders, the minister deliberated upon the transition time needed for specific clauses of the law and sought specific inputs on the implementation.
“Over the next 30 days, there will be necessary rules prescribed for the Act. We will also work on forming the Data Protection Board in the upcoming month. Some businesses like startups and MSMEs and establishments like hospitals that handle people's data might get more time to adhere to these rules,” the minister said.