By end June, all business owners in India are expected to follow the tough guidelines for emergency data response
We had reported last week that the Federal Government’s efforts to bring tougher data protection guidelines from end-June may fall flat as SMBs may find it tough to follow the compliance standards. Now, it looks like the central government is planning to offer extra support to this segment of industry.
Rajeev Chandrasekhar, the minister of state in the ministry of electronics and information technology (MeitY) tweeted about a meeting he had with representatives of the small and medium businesses late last week.
“Met industry leaders and stakeholders who had doubts about the recently issued #Cybersecurity directions & explained them about the government’s approach towards an Open, Safe & Trusted and Accountable internet,” the minister said in a tweet while adding that he also encouraged the SMB representatives to partner with the government to make the internet safe.
What’s the solution?
The Ministry is considering possible relaxations and support to the micro and small businesses as well as start-ups in the need to comply with government’s April 29 guidelines framed and published by the Indian Computer Emergency Response Team (CERT-In).
Not just the SMBs, even the larger corporations have expressed concern around the added compliance requirements, especially around the provisions of reporting cybersecurity incidents within six hours. However, it is only the micro and small enterprises that find the provisions around data logging and preservation to be tedious due to the cost and skill factors.
The SMBs further pointed out that they would not have the requisite infrastructure or the technical knowhow to manage some of the compliance related issues provided by CERT-In. The rules cannot be the same for SMBs and larger companies is how the representatives brought the matter before the minister, who reportedly agreed to look into the matter.
The minister also informed the SMB representatives that the government would be taking up awareness campaigns around the CERT-In directions and would also reach out to CTOs and CIOs of enterprises to help these initiatives. Ever since the announcements on April 29, industry and trade associations have expressed concerns and requested that implementation dates be postponed for a few months.