What Is Data Localisation Audit?

  • Data Localisation is the practice of storing data on any device that is physically present within the borders of the country where the data is generated. As of now, most of these data are stored, in a cloud, outside India.
  • Localisation mandates that companies collecting critical data about consumers must store and process them within the borders of the country.

Advantages of Data Localisation

  • Secures citizen’s data and provides data privacy and data sovereignty from foreign surveillance. Example – Facebook shared user data with Cambridge Analytica to influence voting.
  • Unfettered supervisory access to data will help Indian law enforcement ensure better monitoring.
  • Ensures National Security by providing ease of investigation to Indian Law Enforcement agencies as they currently need to rely on Mutual Legal Assistance Treaties (MLATs) to obtain access to data.
  • It will give local governments and regulators the jurisdiction to call for the data when required.
  • Data centre industries are expected to benefit due to the data localisation which will further create employment in India.
  • Greater accountability from firms like Google, Facebook, etc. about the end-use of data.
  • Minimises conflict of jurisdiction due to cross-border data sharing and delay in justice delivery in case of data breach.


  • Maintaining multiple local data centres may lead to significant investments in infrastructure and higher costs for global companies.
  • Infrastructure in India for efficient data collection and management is lacking.
  • Splinternet or ‘fractured internet’ where the domino effect of protectionist policy can lead to other countries following suit.
  • Even if the data is stored in the country, the encryption keys may still remain out of the reach of national agencies.
  • Forced data localisation can create inefficiencies for both businesses and consumers. It can also increase the cost and reduce the availability of data-dependent services.

Key Criteria for System Audit Report for Data Localization (SAR)

Based on the RBI & NPCI Guidelines, the following key criteria need to be covered as part of this audit.

  • Payment Data Elements
  • Transaction / Data Flow
  • Application Architecture
  • Network Diagram / Architecture
  • Data Storage
  • Transaction Processing
  • Activities subsequent to Payment Processing
  • Cross Border Transactions
  • Database Storage and Maintenance
  • Data Backup & Restoration
  • Data Security
  • Access Management

We want to hear from you

Contact us today

Contact Us