In order to protect the data of borrowers and customers in general and keep them from being misused the Reserve Bank of India has issued guidelines to all lenders, including banks.
The new guidelines are effective immediately and have to be implemented within November 30 to facilitate a smooth transition. According to the guidelines, Regulated Entities (RE) cannot store any information of borrowers other than specified ones.
“It is further advised that the instructions contained in this circular shall be applicable to the ‘existing customers availing fresh loans’ and to ‘new customers getting onboarded’, from the date of this circular. However, in order to ensure a smooth transition, REs shall be given time till November 30, 2022, to put in place adequate systems and processes to ensure that ‘existing digital loans’ (sanctioned as on the date of the circular) are also in compliance with these guidelines in both letter and spirit,” RBI said in a press release.
As per the guidelines, REs have to ensure that Lending Service Providers (LPS) or Digital Lending App (DLA) engaged by them do not store any personal information of the borrower, except some basic minimal data.
These include name, address, contact details of the customer, etc. Responsibility regarding data privacy and security of the customer’s personal information will be that of the RE.
All data should be stored only in servers located within India, while ensuring compliance with statutory obligations/ regulatory instructions.