- This topic has 0 replies, 1 voice, and was last updated 1 month, 3 weeks ago by
.
-
Posts
-
-
Utrying to understand the *practical side* of DPDP implementation, not just the theory.
From reading the Act + Rules, a lot of obligations seem operational, not just legal, things like:
* “reasonable security safeguards”
* consent being “free, specific, informed, unambiguous”
* breach notification timelines
* data erasure once purpose is fulfilledMy confusion is around **how this actually plays out in practice**:
1. Are companies currently treating this as mostly documentation (policies, contracts), or actually making technical changes to their systems?
2. For something like “reasonable security safeguards”, how are lawyers advising clients, is there any accepted benchmark or is it case-by-case?
3. Do you expect enforcement to become active in the near term, or will this remain low-priority unless there are a few big penalties?
4. For consent requirements (especially “clear and plain language” + multilingual), how strict do you think regulators will be in practice?
5. Are companies (20–100 employees) even taking this seriously right now, or mostly waiting it out?Would really appreciate perspectives from people advising clients on this.
-
