Investment Impact of India's New Data Protection Law
India's new data protection law is projected to attract approximately ₹10,000 crore in investments over the next three years. Businesses are expected to allocate more resources toward privacy automation and services to comply with these new norms, as per consulting firm EY India.
Digital Personal Data Protection (DPDP) Act
- The DPDP Act was passed by Parliament two years ago, and the government has recently notified the administrative rules required to enforce the law.
Investment Breakdown
- Consent management, a critical component of compliance, could account for about 10% of the anticipated investment.
- Large enterprises are expected to integrate consent systems into their digital infrastructure within the next 12 to 18 months.
Industry Players
- Global Vendors: Companies like ServiceNow, IBM, OneTrust, and TrustArc are positioning themselves to capture early market share in consent management-as-a-service.
- ServiceNow: Collaborating with four of India's top five banks.
- IBM: Its access management platform, IBM Verify, is becoming a major player in enterprise deployment.
- Startups: OneTrust has expanded into Singapore to serve the APAC region, including India, and has entered partnerships with Deloitte and KPMG to boost its Indian operations.
- TrustArc: Currently in the process of being acquired by Main Capital Partners, a move significant for its expansion in India.
Opportunities and Challenges
- The creation of a significant compliance ecosystem in India is anticipated, presenting opportunities worth over ₹10,000 crore in privacy automation and compliance services.
- Consent management could represent 10% of this investment, which might be subsidized depending on the commercial model for registered consent managers.
Role of Consent Managers
- Defined by the DPDP Act as registered entities that provide a neutral, interoperable, privacy-enabled platform for users to manage consent for data fiduciaries.