The regulation on data protection and privacy should adopt a risk-based approach and provide certain relaxations and exceptions for micro, small and medium enterprises (MSMEs) under specific circumstances, suggested a recent ASSOCHAM-PwC joint study.

"In Indian context, it is also important to ask questions on the applicability and impact of any such data protection regulation on small and medium businesses (SMBs)," said the study titled, 'Privacy in the data economy,' jointly conducted by The Associated Chambers of Commerce and Industry of India (ASSOCHAM) and global professional services firm PricewaterhouseCoopers (PwC).

The report stated that stringent regulations may deter MSMEs due to the high costs and technology investments necessary for compliance. However, in the new age economy, a number of small enterprises are capturing and processing large volumes of data.

It further said that certain categories of private processing, such as processing carried out by not-for-profit organisations or charitable institutes, may have to be dealt with categorically and provided with certain exemptions.

The ASSOCHAM-PwC joint study suggested that privacy laws should also cater to specific sectors such as healthcare, telecom, banking and finance to address various nuances in each sector.