Recent draft rules under the Digital Personal Data Protection (DPDP) Act will significantly change how financial institutions, including banks, NBFCs, and insurers, manage customer data. Requiring explicit consent for data sharing and limiting its use to specified purposes, these regulations may impact the financial sector’s cross-selling activities and operational efficiency.
Financial institutions can no longer freely share customer data with subsidiaries without explicit consent, disrupting the established practice of leveraging subsidiary networks to offer products like insurance and mutual funds. The draft rules emphasize transparency, requiring entities to provide clear notices about data collection and usage, including the process for withdrawing consent, in English and 22 Indian languages.
Data retention is also strictly limited. Customer data can only be used for the purpose stated at collection and must be deleted once that purpose is fulfilled or consent withdrawn. Customers can demand summaries of their data usage and withdraw consent at any time, halting further processing.
Banks and NBFCs, particularly in semi-urban and rural areas, may struggle to obtain consent from customers less familiar with digital platforms. Reaching traditional, branch-reliant customers will require new outreach and educational initiatives.
Significant Data Fiduciaries, larger entities, face increased compliance burdens. They may need to appoint Data Protection Officers, conduct impact assessments, and undergo rigorous data audits. Non-compliance penalties, including those for data breaches, could reach Rs 250 crore, necessitating overhauls of data security protocols and employee training.
The DPDP Act intersects with existing regulations from the RBI, SEBI, and IRDAI. Financial institutions must ensure compliance with all applicable frameworks to avoid multiple regulatory breaches.
While enhancing customer data protection, the Act could significantly impact targeted marketing, fraud prevention, and product pricing. The BFSI sector will need to adapt its data management and customer relationship strategies. The article was published on January 8, 2025, at 10:51 AM IST. (Note: Placeholder comment and subscription sections in the original text were omitted as per the instructions to retain only the core content and its original length.)
Source Link
