Tier-3 residents most worried about data security: PWC

Major awareness gap: Less than one-fifth of consumers are aware of the DPDP Act – a finding that is consistent across cities, professional profiles and age groups. Only 16% of consumers are aware about the DPDP Act across diverse geographies, age groups, occupational backgrounds and urban-rural divide, as per a survey of India’s data privacy landscape by PWC.

Name and email id are not personal data as they are shared on social media. My phone number and address are personal data. However, I don’t think Aadhaar, PAN and driving licence are personal data as those are documents," says a 23-year-old white-collar professional from a Tier-1 citY.

The biggest challenge right now is lack of awareness. While the law is in place, much groundwork is still required to make people understand why it’s important to protect their personal information, as per the report.

There’s a significant gap between the passing of the law and its actual implementation. Both the government and organisations need to work together to bridge this gap.” - Satyavat Mishra, Head - Corporate IT and Group CISO, Godrej Industries.

Only 40% of organisations claim to understand the act. Only 9% of these organisations reported a comprehensive understanding.

More than 50% of the consumers we surveyed are not aware of their rights, including the right to give or withdraw consent regarding use of personal data.

70 Percent consumers find privacy policies difficult to understand.

Despite the gap, many organisations do not plan to invest in creating consumer rights awareness

For large companies like ours, compliance won’t be too difficult. However, smaller organisations will need support to navigate these new regulations, and I hope industry bodies play an active role in that," says Dileep R, Head - Global Privacy, TCS.

Nearly half of the consumers think that it is either inappropriate for employers to request for personal details or that the amount of information shared with employers should be limited

35% of employees think that too much information is being requested from employees. In spite of this, companies have not initiated employee-specific programmes to develop trust. Only 36% of companies have initiated measures to to reassure employees about protection of their personal data.

For privacy regulations to succeed in India, it’s not just about the companies – it’s a collective effort involving the government, social institutions and society. Awareness around privacy are still low in smaller towns, and it will take time for people to realise the value of protecting their personal data. It’s a cultural shift, but one that will eventually catch on, much like the concept of securing financial assets.” - Amit Bhasin, Chief Legal Officer, Marico

2% of consumers do not think organisations treat consent-related clauses with seriousness.

69% of consumers feel that their data may not be safe with companies. Of these, 37% of respondents are from Tier-3 cities

Yet, organisations are not prioritising the need to invest in building trust and are not cognisant of the opportunities for greater success enabled by such efforts in enhancing privacy programmes and engaging with consumers.

As per the report, businesses have to ensure that data protection measures are inclusive and considerate of all consumer segments, including vulnerable groups such as blue-collar workers, retired individuals and residents of Tier-3 cities. In addition, they would need to identify and embed privacy awareness among their target consumers.

Regulators could prioritise public education and awareness campaigns to inform individuals about their data protection rights and how they can exercise them. Oversight mechanisms need to be enhanced to ensure that organisations adhere to data protection laws. While data protection boards focus on organisations implementing a privacy framework, there is potential to align privacy culture programmes focusing on consumers.