Tuesday, 12 February 2019

India: Compliance to Data localization regulation

The advent of modernization has introduced many technology dependent miracles. Advancement in the innovative skills of human labour have facilitated the development of a digital infrastructure which caters the multiple needs of the individuals over virtual platform thereby inculcating independent handling by them. Internet is increasingly becoming the medium of carrying out all major present-day activities including information dissemination, communication, commercial transactions, banking functions, etc. This has led to the elevation of the standards of living and has raised the number of e- payments modes.

Online Payments in India

India finds a vast segment of its population now dependent on technology for carrying out number of transactions. The Government has also made efforts for promoting cashless mode of dealings through the digitalization. The payment vis this mode requires the submission of personal and sensitive information of an individual. Considering the vital nature of the information being shared, essential monitoring and control of transmission of such data is required to ensure the provision of a safe and viable payment system within the country.

Online payments in India are regulated by the National Payments Corporation of India (hereinafter referred to as “NPCI”) uses unified payment interface (hereinafter referred to as “UPI”) an instant real-time payment system developed by NPCI regulated by Reserve Bank of India (hereinafter referred to as “RBI”) that facilitates banking operations occurring on the web-platform.

RBI monitoring

In order to have unfettered supervisory access to data stored with payment companies as also with their service providers / intermediaries/ third party vendors and other entities in the payment ecosystem for better monitoring of the payment transactions in India, RBI vide its notification dated April 6, 2018[1] imposed norms regulating data localization (hereinafter referred to as “RBI regulation”). The RBI regulation requires all system providers to ensure that the entire data including the complete transaction details and information regarding the payment instruction relating to payment systems operated by them, are stored in a system only in India October 15, 2018 onwards.

Response by the Payment Companies

Confronted with the challenges such as lack of available servers or data centres in India, administrative cost, compliance burden and time-consuming process being involved therein, the payment companies expressed their concerns to the RBI. However, RBI refused to accept the representations made by the payment entities requesting for the relaxation of norms stated in the RBI regulation seeking the adherence to the same by the deadline provided therein. RBI mandated for the submission of a report in ensuring compliance and clarified that any event of non-obedience to the said directive would entail punitive action against the defaulters.[2]

The consequence…

Attributable to the strict nature of the instructions provided in the RBI regulation, renowned entities such as Visa and Mastercard are in the process of compliance to the data localization policy.[3]
Understanding the confidential nature of data being provided by the customers to these service providers and the impact of the violation of its safety, almost 80% players in this sector have commenced the procedure of compliance to the RBI regulation including submission of proposals to RBI in the said regard. The stringent monitoring by RBI aims to create a more effective and secure data protection regime in India by monitoring the payments done in India.

No comments:

Post a Comment