As per the recent decision taken by the RBI, all data related to payments must be stored only in India and data processed abroad will have to be brought back to the country within 24 hours.
"The entire payment data shall be stored in systems located only in India,” the RBI said in its FAQs on certain implementation issues raised by the Payment System Operators (PSOs).
The RBI had rolled out a directive in April 2018 on ‘Storage of Payment System Data’. The directive had advised all system providers to ensure that within a period of six months, payment data relating to Indian users should be stored in a system only in India.
In case the processing is done abroad, "the data should be deleted from the systems abroad and brought back to India not later than the one business day or 24 hours from payment processing, whichever is earlier".
During the six months, after RBI’s data localisation directive, the scrutiny was concentrated on US payment players who have reached out to the Ministry of Finance and the Ministry of Electronics and Information Technology (MeitY) at multiple occasions, and have been lobbying to seek dilution of the RBI directive.
In October, electronic payment companies operating in India had to comply, and submit a report to the RBI on its directive to store payments data pertaining to Indian users within the country. These companies were also requested to get their systems audited by an external auditor and submit a compliance report by December this year.