India is preparing to dramatically update its data and privacy laws. Their new proposed laws regarding privacy could extend even further than the General Data Protection Regulation. India has been working on this renewal for over five years. As India has a strong position in the digital market, the new data and privacy laws have the potential to influence businesses all over the world.
If the new laws are implemented, tech companies will have to report data breaches within six hours of after noticing the breach. Also, tech companies will have to keep their IT and communication logs archived for at least six months. Cloud computing and VPN services will also be required to retain names of customers and their IP addresses for at least five years, even if the customers terminate their accounts. Furthermore, the new law would require critical data to be processed in India and when sensitive personal data is transferred outside India, a copy must be stored in the country.