India Inc has some way to go to comply with data protection act: PwC India

  • While 90% of organisations that PwC India studied showed users a privacy notice when collecting data, only 9% sought consent that was free, specific and informed. And 43% did not provide a clear reason for which personal data was shared with third-parties

Gulveen Aulakh
Published 4 Oct 2023, 02:03 PM IST
Only 4% of organisations studied have published a mechanism for notifying breaches on their website, the study found

New Delhi: A new report by PwC India on how compliant Indian companies are with the Digital Personal Data Protection Act, which came into effect on 11 August, reveals some startling facts. Only 41 of the 100 websites of Indian enterprises PwC India analysed for its study mentioned data principals’ (users’) rights to access, correct and erase their personal data, while only 9 sought consent from users that was free, specific and informed.

The report said 90% of the organisations showed users a privacy notice when collecting data through their websites, but since such a notice is the first step for any organisation entering the digital world, the high level of compliance did not indicate the presence of a robust data privacy framework. On the matter of third-party data transfers, 43% of organisations did not provide a clear reason for which personal data was shared with third-party data processors.

Sivarama Krishnan, partner and leader - risk consulting, PwC India, and leader, APAC cybersecurity and privacy, PwC, said, “The impact of the DPDP Act 2023 will be all-pervasive and far-reaching for us as individuals, for businesses, and for the overall economy. For organisations in India, it is not only an opportunity to streamline their data collection and processing processes but to also build customer confidence and stakeholder trust, and enhance their global competitiveness… Investing now to become compliant will stand organisations in good stead in the future.”

Here are the key takeaways from the report:

Consent: Only 9% of organisations collect consent that can be considered ‘free, specific and informed’. In such cases, consent is often bundled (i.e. single consent is obtained for multiple purposes). The study found that while 48% of organisations provide the option to withdraw consent, the actual process of doing so isn’t easy. It also found that only 2% of organisations obtain consent in multiple regional languages.

Cookies: PwC India found that 16% of company websites display a cookie consent banner to users, highlighting that their personal data will be collected and processed. It said 33% of organisations display a cookie notice informing users that the website (or any third-party service used by the website) they are navigating uses cookies. The information technology, hospitality and aviation sectors are leaders in terms of obtaining cookie consent and giving users control over their online experiences as these enterprises have a global presence and are compliant with data protection regulations around the world.

Privacy notices: The study found that 90% of organisations display a privacy notice to users when collecting data through their websites, while 80% mention what personal data is collected in their privacy notice. Just over half (54%) of organisations that display a privacy notice mention the period for which personal data will be retained. And only 2% of organisations provide privacy policies or notices in multiple languages.

User rights: PwC India found that 41% of organisations display the data rights of users (erasure, access and correction) on their website and explain how to exercise these rights. While most organisations in the information technology, hospitality, consumer and pharma sectors, in addition to super apps, have processes in place to honour users’ data rights, they do not provide dedicated email addresses or online forms for support, the study found.

Breach notification: Only 4% of organisations studied have published a mechanism for notifying breaches on their website, the study found. Organisations from the IT and fintech sectors were found to have breach notifications in place as they have a presence in countries with stringent data privacy laws.

Data protection officer: Around 74% of organisations have posted the details of a person or a team that can be contacted for queries about data processing. Of these, 54% have proactively provided the contact details of their data protection officer (DPO). These organisations are likely to have a privacy framework in place and may have a head start in their compliance journey, PwC India said.

Data retention: The study found 54% of organisations state their data retention periods on their websites. These companies are predominantly in sectors such as fintech, e-commerce, IT, banking, insurance and aviation, while organisations in the consumer, retail, realty and manufacturing sectors are lagging on this.

Children’s personal data: One in 10 schools provides a privacy notice customised for children and verifies the user’s age to check if he or she is a minor. Such schools state that they process children’s data only after taking consent from a parent or guardian. Online services and product providers do not show age-appropriate notices or check if the user is a minor, the study said.
