Data Privacy: Unpacking India’s Data Protection Act

PRABHAKAR RAMAKRISHNAN - CISO

When GDPR was first announced, my WhatsApp and LinkedIn groups burst into life with questions and deliberation. While we have always been vigilant with our data, the requirement for compliance with GDPR was significantly greater. This meant a fundamental shift in the approach we had been taking to store and process data.

It has been 5 years since GDPR and the outcome is a systematic, sound, and robust approach to data privacy and protection at TNQ that I’m truly proud of.

Safeguarding data and ensuring compliance

To begin, we conducted a comprehensive assessment of our data processing activities with a third-party specialist. This exercise helped us tremendously in updating our privacy policies and consent mechanisms, and upgrading our security with encryption, access controls, assessments, and incident report protocols.

TNQ had the BS10012 certification, and now with it having been phased out, we are working towards the ISO27701 certification for implementing a Privacy Information Management System.

The DPDP Act

India announced its DPDP (Digital Personal Data Protection) Bill in August 2023 compelling companies to protect digital privacy and promote a secure data ecosystem in India. Every conference and webinar I’ve attended in the last couple of months has discussed, dissected, and scrutinised this Act from every possible angle. There is a lot to unpack with every provision and facet of all the laws that companies are now required to comply with.

Discussions at the CISO Platform 2024 conference

We continuously upgrade our systems and processes to adapt to the changing landscape. Fortunately, there is considerable overlap between GDPR, the UK’s Data Protection Act, DPDP, CCPA, and others. Notably, while the GDPR outlines extensive processing grounds and principles, and provides data subjects with specific rights to challenge government data processing in certain situations, the DPDP Act emphasises processing for ‘legitimate purposes’ and grants the government a more pronounced authority over data use.

Given the widespread familiarity with GDPR and its similarities with DPDPA, I thought it would be useful to present the key differences in this infographic. 

Here’s a helpful official checklist from GDPR, and one from DPDPA for an in-depth analysis of the Act. 

In the publishing industry within which we work and particularly for publishers, processing data carefully is of utmost importance. At TNQ, the content that we handle is subject to confidentiality and IP protection regulations that are set by publishers, while processing of all personal information is subject to GDPR, the UK’s Data Protection Act, or other regulations as applicable. With the new DPDPA, our emphasis is on safeguarding TNQ’s customer data, proprietary information, and employee and supplier data. 

I’m always up for a conversation about what we are doing with our data, and what you should do with yours. 

About the author: Prabhakar is TNQ’s Chief Information Security Officer, leading compliance and cybersecurity at the company. When he’s not speaking at a conference or webinar, he’s quizzing our staff and drawing up games and puzzles to keep us up to date on all things security. He also leads TNQ’s Bikers Club, is quite the adventurer, and an avid photographer. 

Get in touch

Related articles

Corporate

Capturing clouds and creativity at TNQ

Our Head of HR, Anitha Raju writes about the photography contest we hosted for #worldphotographyday, receiving over 140 entries from our talented team members on this year’s theme – ‘Understanding Clouds.’ We are so proud of these incredible photographers! Take a look

Read More »

QUALITY ASSURANCE

Our expertise in the publishing industry, a rigorous training programme, and a technology-driven production process allow us to maintain the highest level of quality in everything that we deliver. Our quality control framework was created primarily to understand and document customer requirements, as well as to implement data-driven internal and external quality metrics that evaluate people, processes, and technology.

Read More »
Corporate

TNQ’s Coimbatore branch turns 7!

It feels like we’ve blinked, and here we are celebrating our Coimbatore branch’s 7th anniversary! Read our blog, where our AVP, Thiagarajan, recounts how we came together for a day of celebration, reflection, and recognition.

Read More »

Get in touch