On September 17, 2024, the Data Security Council of India (DSCI) published a whitepaper on Privacy Across Borders: Guidance on Cross-Border Data Transfers for Indian Organizations. The whitepaper provides practical steps for safeguarding data and maintaining compliance during inbound and outbound data transfers. Additionally, the whitepaper provides a reference guide and checklists of the key responsibilities and legal obligations of data fiduciaries and data processors under the Digital Personal Data Protection Act. More specifically, the whitepaper outlines best practices on topics such as Data Protection Impact Assessments (DPIAs), audits, and harmonizing global compliance requirements.

What are the key provisions of the whitepaper?

The whitepaper includes the following recommendations and considerations:

• refer to the latest Government-notified country list and restrictions on cross-border data transfers to different countries;
• identify and understand existing sectoral restrictions and protection measures in existing Indian sectoral or specific laws for data processing;
• implement necessary measures as mandated by sectoral and sector-agnostic legal frameworks;
• for organizations servicing clients in the UK specifically, performing a transfer risk assessment is recommended;
• implement the required process and technical controls (if needed) delineated in the whitepaper as a feature in the organization's data transfer framework;
• place particular focus and additional protection on cross-border transfers of sensitive datasets, which must be enforced constantly;
• develop and implement internal and external data audit mechanisms, which may be suggested by the Data Protection Board of India; and
• based on risk factors and organizational business requirements, industry certifications like ISO 27701:2019 and related standards may be adhered to as applicable.

You can read the press release and download the whitepaper here.