Ease of Doing Business for MSMEs: The ease of doing business will become easy and hassle-free with the establishment of the Data Protection Authority of India (DPAI).
- By Ambarish Gupta
Ease of Doing Business for MSMEs: Mukesh Ambani, Chairman of Reliance Industries, once said, “Data is the new natural resource. We are at the beginning of an era where data is the new oil.” The message elucidates the importance of data security in today’s time. Nations across the globe are taking steps for its privacy and India has also geared up for a strict data protection law. Working in the direction the much-awaited Personal Data Protection Bill, which covers the mechanisms for the protection of personal data, recently saw the light of the day in the Lok Sabha. With this, India joins the queue of countries that has systematic data protection legislation regulation. Europe has stricter and more precise data protection legislation regulation than the U.S, according to the Clemons & Banattar 2018, report.
Data privacy will be at the centre of India’s startup and SMEs ecosystem. Its effect will be strong on these with long term result. There are around 8,900 startups and 42.50 million SMEs (both registered and unregistered) in India. Enumerated below are the ways how the bill will impact the startups and SMEs.
The bill lay down obligations on agencies collecting personal data (data fiduciary) to collect only that data which is required for a specific purpose and with the express consent of the individual (data principal). The provision will safeguard the essential data and will also not allow fraudulent activities. There have been cases of security breaches and data leakages in many startups and SMEs. The Personal Data Protection Bill shield the startups and SMEs who have low budget. The bill confers the rights to restrict or prevent the disclosure of personal data. The companies shall have the right to obtain personal data, correct inaccurate data, erase, update, port them to other fiduciaries.
The ease of doing business will become easy and hassle-free with the establishment of the Data Protection Authority of India (DPAI). The body will protect the interest of the startups and SMEs, prevent misuse of personal data, ensure compliance and will also promote awareness about the subject. But if we see from another side, the formation and working of DPAI are complex as it will be challenging to collect and process data promised in the bill.
Restrictive clauses around purpose, storage, and collection limitations will make it a little difficult for startups and potential startups to get into the data business. To come up with challenges, the Adjudicating Officer will play an instrumental role in DPAI. He will be responsible for deciding penalties and award compensation for violations and “Appellate Tribunal” to hear appeals against these.
The bill may offer specific teething issues in the beginning, but if we see in the long term, it will play an instrumental role in the data protection of startups and SMEs. Our SMEs and startups have immense potential; embracing the bill will help the sector to grow further. The Indian government has taken specific initiatives like Make in India, Startup India and Skill India to develop SMEs status in the country. The Personal Data Protection Bill will bring in positive results. The bill has been referred to a Joint Committee of the Houses (JPC), which is expected to look at finer details of it.
There is an increased awareness regarding data protection among Indians, as per a Dvara Research, small towns are becoming much more aware of personal data protection. There are many who have already stopped using a certain app when informed that their data is being used to understand their behaviour. Most fintech companies giving loans to small businesses in small towns will have to handle data privacy carefully with the rise of awareness level and with data protection bill to become reality in India.
(Ambarish Gupta is the Founder at Knowlarity Communications. Views expressed are the author’s own.)