final image

Digital Personal Data Protection Act, 2023: impact on telcos

In the fifth episode of our ‘Gateway to data privacy and protection' podcast series, we explore the extensive implications of the Digital Personal Data Privacy Protection (DPDP) Act, 2023 on telecom companies, with Mini Gupta, Cybersecurity Consulting Partner at EY India. In this podcast, Mini shares insights on several critical topics, including data fiduciaries within the telco ecosystem, cross-border data transfers, the handling and potential misuse of personal data, penalties for data fiduciaries, and the necessary institutional framework for monitoring and addressing data breaches. 

In conversation with:


Mini Gupta

Mini Gupta
EY India Cybersecurity Consulting Partner

Key takeaways

  • According to the DPDP Act, if telecom service providers and OTT partners have tied up to provide services, both are data fiduciaries as they seek personal data to provide services.
  • The DPDP Act outlines a multi-tiered escalation process for resolving data breaches, thereby safeguarding the interests of data principals.
  • In cases where multiple data principals use IoT services in a household, the service subscriber's consent will suffice.
  • In case the roamer is traveling from India to overseas, personal data transfer may not be required. However, when a foreign individual is visiting India and becomes a roamer here, the GSMA Act would apply.
In the digital age, safeguarding data is a shared responsibility, with multiple data fiduciaries ensuring privacy and accountability.

For your convenience, a full text transcript of this podcast is available on the link below: Read the transcript

If you would like to listen to our podcasts on the go:

Podcast

Duration

14m 51s