NEW DELHI: The new digital personal data protection law, that becomes operational after the passage of supporting rules, mandates companies handling digital data to immediately inform users and the newly-constituted data protection board about any breaches to drive transparency in data handling processes.As soon as the entity involved in the processing of personal data learns about breach, it will need to inform each affected user without delay, including a description of the breach, the extent and timing of the occurrence. Besides, the consequences of the breach and the measures taken to mitigate risk, along with the safety measures to protect their interests need to be communicated. Similar intimation will need to be given to the Data Protection Board.Also, there will be additional obligations on companies as they will need to update the board with further details and information about the breach within 72 hours. The rules mandate that companies dealing with online data will need to “prominently publish” on their website or app the business contact information of the Data Protection Officer, who will answer queries of the users about the processing of their personal data.However, it will be some time before the users can avail of the full powers provided under the law. “The Data Protection Board comes into existence now, but obligations of data fiduciaries become enforceable only after 18 months. This creates an extended interim period where the Board exists but has limited actionable mandate for upwards of a year,” said Shreya Suri, a partner with law firm IndusLaw.Vikram Jeet Singh, Partner at BTG Advaya law firm, said effective implementation and enforcement will be critical. “The establishment of Data Protection Board assumes great significance now, since this body will be charged with operationalising the new law into practice. The digital personal data protection act and its rules are, even now, mostly principals based, and will provide a lot of discretion to the regulator. How the regulator takes up this challenge will determine the success or otherwise of this new law.