BUSINESS

Regulatory Tech Firms Emerge as Key Players in Helping Indian Companies Comply with New Data Protection Rules

In Desk

Jan 7, 2025 • 2 min read

Mumbai, India - As the government moves forward with the implementation of the Digital Personal Data Protection (DPDP) rules, regulatory tech firms like Leegality and IDfy are poised to play a crucial role in helping technology-first companies comply with stringent guidelines around processing and storing consumer data.

The Centre released the draft DPDP rules under the Digital Private Data Protection Act, 2023 on Friday, which proposed a system of registration for consent managers - entities responsible for managing customer data collected by organisations. Leegality, IDfy, and AI-driven privacy ventures like Skyflow are expected to offer data management services such as encryption of personally identifiable data and age-gating for gaming and social media platforms.

"We plan to apply for consent manager registration. Our experience with operating digital compliance flows at scale within large organisations puts us in a good position to take on the role of a consent manager and help close the compliance gap in large companies," said Shivam Singla, cofounder at Leegality.

IDfy plans to apply to become a recognised consent manager and has built its product Privy as a platform managing customer consent and tracking lifecycle of the consent. "The market for privacy-tech solutions is expanding rapidly...We anticipate a significant addressable market in India, potentially worth several billion dollars in the next five years," said Ashok Hariharan, cofounder and CEO of IDfy.

Industry insiders believe that while large corporations with business operations in Europe and the United States will be better prepared to handle the new rules, challenges will be higher for local firms and technology-led startups. Small enterprises and startups that collect a lot of user data but have not invested in consent management and protection of consumer data are likely to take on the services of these consulting firms first.

"The impact will be bigger for small enterprises and startups which collect a lot of user data but have not invested in consent management and protection of consumer data," said Salman Warris, partner at Techlegis, a law firm specialising in digital data privacy.

While top executives of large companies are still in a ‘wait and watch’ mode, regulatory tech firms are well-positioned to take on the role of consent managers and help Indian companies comply with the new rules. "We have spoken to over 100 large companies...and many are conducting initial assessments and pilot projects. There is a general recognition that there is a clear value in having a single, unified consent manager," said Singla.

However, Warris noted that these services are still early days for consultancy firms to claim they can become consent managers, adding "Some of the work has been going on for some time now...To get it correct, I think there is still some time left."

The draft DPDP rules are still up for public feedback, so these services can be finalised only after the final rules are released. The emergence of regulatory tech firms poses an opportunity not just for compliance but also for unlocking the transition to Web3 - a future where consumers have control on their own data and are able to seamlessly monetise it on their own terms.

Sign up for more like this.