In April 2018, the Indian central bank, RBI, issued the Storage of Payment System Data policy, which mandated that all system providers store data related to their payment systems only in India. Recently, RBI barred Mastercard from issuing new cards in India after finding out their customers’ data was located outside the country. Earlier, in April 2021, RBI barred American Express and Diners Club from adding new customers for six months due to their violation of the local data-storage rules.
Also, RBI will now regularly follow up on compliance and may impose similar bans or other penalties in case of lapses. For RBI, data security is nonnegotiable, and customer data is subject to the laws of the country in which it is collected or processed and must remain within its borders—India, in this case.