MeitY to Fast-Track DPDP Compliance for Big Tech, Banks to 12 Months

• MeitY plans to shorten the Digital Personal Data Protection Act (DPDP) compliance window for significant data fiduciaries (SDFs) from 18 to 12 months.
• This accelerated timeline will impact major tech firms like Meta, Google, Amazon, Microsoft, and large banking, financial services, and insurance companies.
• Industry executives anticipate resistance due to the complexity of legacy systems and data localization requirements, making a 12-month window challenging.
• MeitY also proposes immediate implementation of government's power to seek information from data fiduciaries and faster operationalization of cross-border data transfer rules.
• Data retention timelines are also set to shrink, with a proposal for implementation within 90 days for retaining personal data for a minimum of one year.

Why It Matters: MeitY is accelerating DPDP compliance for big tech and banks, reducing the window to 12 months.