Consider the following statements:
The Reserve Bank of India’s recent directives relating to ‘Storage of Payment System Data’, popularly known as data diktat, command the payment system providers that
- they shall ensure that entire data relating to payment systems operated by them are stored in a system only in India
- they shall ensure that the systems are owned and operated by public sector enterprises
- they shall submit the consolidated system audit report to the Comptroller and Auditor General of India by the end of the calendar year
Which of the statements given above is/are correct?
This questions was previously asked in
UPSC CSP Previous Year Paper (2019)
1 and 2 only
Incorrect Answer1, 2 and 3
Incorrect AnswerExplanation:
According to the data localization guidelines issued by RBI-
All system providers shall ensure that the entire data relating to payment systems operated by them are stored in a system only in India. This data should include the full end-to-end transaction details / information collected / carried / processed as part of the message / payment instruction. For the foreign leg of the transaction, if any, the data can also be stored in the foreign country, if required.
System providers shall submit the System Audit Report (SAR) on completion of the requirement. The audit should be conducted by CERT-IN empaneled auditors certifying completion of activity. There has not been any requirement to submit the reort to CAG.
![]()
By: Abhipedia