With the increased proliferation of internet in the modern-day life digitalization has reached to another level of excellence. Availability of all major services including commercial transactions, banking activities, dissemination of information, communication, the virtual world has become a new hub for fulfilment of all requirements. This has also lead to increase in the e-payments by leaps and bounds, thereby demanding the restriction of data storage within the country. The simplified payment mechanism on the electronic interface allows the purchase of goods/ services at the click of a button. Considering the sensitivity of the nature of the transactions involving money, such systems directs for adoption of best safety and security measures on a continuous basis.
The Reserve Bank of India (hereinafter referred to as "RBI"), vide its notification dated April 6, 20181 imposed data localization (hereinafter referred to as "RBI regulation") whereby all system providers were ordered to ensure that the entire data including the complete transaction details and information regarding the payment instruction relating to payment systems operated by them, are stored in a system only in India till October 15, 2018. Introduced with a view to have unfettered supervisory access to data stored with these system providers as also with their service providers / intermediaries/ third party vendors and other entities in the payment ecosystem, the RBI regulation aims for better monitoring of the payment transactions in India.
Compliance to RBI Regulation
The advent of the RBI regulation necessitating localization of the data generated in India posed challenges for the international payment entities in terms of non-availability of servers or data centres and their establishment would be both expensive and time-consuming thus adding to their administrative cost and compliance burden.
Standing by its mandate, the RBI expects adherence to the same for the payment entities operational in India without any fail along with the submission of a report in this regard. Any non-obedience to the said directive is likely to entail punitive action against the defaulters.2
RBI refused to accept the representations made by the payment entities requesting for the relaxation of norms stated in the RBI regulation. Ruling out the option of mirroring while addressing the arguments of technological hurdles raised by the payment entities, RBI suggested to opt for cloud services in order to ensure data localization.
Almost 80% of the players in the industry have observed the obligations desired in the RBI regulation. However, the deadline issued by the RBI thereunder insists to ascertain the entities follow the instructions of the authority in a time bound manner.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.