- The Reserve Bank of India (RBI) has clarified that payment system providers need to store entire payments data in a system only in India.
- The data should include end-to-end transaction details and information pertaining to payment or settlement transaction that is gathered, transmitted as part of a payment message or instruction.
- The data could be pertaining to customer data like name,mobile number,Aadhaar number,payment-sensitive data like customer and beneficiary account details and transaction data among others.
- Further,the RBI clarified that in case the processing is done abroad,the data should be deleted from the systems abroad and brought back to India within one business day or 24 hours from the payment processing whichever is earlier.
- In April 2018,Reserve Bank of India(RBI) had asked payment firms to ensure their data are stored exclusively on local servers.RBI had also set a deadline of six months for compliance which some foreign firms such as Mastercard and Visa had missed.
- The main intent behind data localisation is to protect the personal and financial information of the country’s citizens and residents from foreign surveillance and give local governments and regulators the jurisdiction to call for the data when required.
5 min read