DPDP Roles, explained simply

India's Digital Personal Data Protection Act. Who is who.

‹ Sector wise readiness

Sector wise readiness

Telecom and ISPs: retention pulls both ways

A misconception I keep seeing when telecom and ISP teams read DPDP checklists: "we already retain everything the licence requires, so DPDP retention is handled."

It is the opposite problem. DPDP does not ask you to retain. It asks you to erase when the purpose ends. Your licence and lawful interception duties ask you to keep. Those two pull in opposite directions, and the reconciliation between them is exactly what an auditor will want to see on paper.

What applies from the start, whatever your size

What telecom carries because of the data it holds

What may not apply yet, and stays separate

The better question

The better question is not "does telecom have to retain this?"

It is "for each dataset I keep, can I point to the specific law that requires it, and erase the rest?"

Law creates obligations. Scale and risk influence implementation. But the retention reconciliation is a day one discipline. You cannot wait for a notification to start documenting why you hold what you hold.

If you work in telecom, how clean is your dataset by dataset retention basis? Drop it in the comments.

#DPDP #DataProtection #Telecom #ISP #Privacy #DataRetention

Be DPDP ready before the deadline

We are preparing more than a dozen ready to use templates, including the Privacy Notice, Consent Notice, Data Retention and Erasure Policy, Security Safeguards Policy, Breach Response Procedure, Children's Data Policy, and the Data Processing Agreement. Drop your email and we will notify you when the assessment and templates go live.