<linearGradient id="sl-pl-stream-svg-grad01" linear-gradient(90deg, #ff8c59, #ffb37f 24%, #a3bf5f 49%, #7ca63a 75%, #527f32)
0%
Loading ...

Indian Data protection Bill

INDIAN DATA PROTECTION BILL

Say Affirmative to Data Protection Bill!!
Indian Data Protection Bill

What is Data Protection Bill?

As of today, February 18, 2024, there is no longer a “Data Protection Bill” in India. It has been replaced by the Digital Personal Data Protection Act, 2023, which was enacted on August 11, 2023. This act serves as the primary legal framework for regulating the processing of digital personal data within India.

Benefits of Indian Data protection Bill?

Increased Individual Control:

  • Right to Access: Individuals can request access to their personal data, understand its usage, and request corrections or deletions.
  • Right to Restrict Processing: Individuals can opt out of certain data processing activities or limit how their data is used.
  • Right to Data Portability: Individuals can transfer their data easily to another data fiduciary.
  • Consent Requirements: Companies need clear and informed consent before collecting and processing personal data.

Enhanced Data Security and Privacy:

  • Data Minimization: Companies can only collect and process data that is necessary for the specified purpose.
  • Data Localization: The Bill proposes storing certain sensitive personal data within India, potentially enhancing security and control.
  • Stronger Accountability: Companies face penalties for data breaches and non-compliance, promoting responsible data handling.
  • Data Protection Authority: A dedicated authority will oversee enforcement and address data protection concerns.
 

Benefits Of Indian Data Protection Bill?

Increased Individual Control:

  • Right to access: Individuals can request access to their personal data, understand its usage, and request corrections or deletions.
  • Right to restrict processing: Individuals can opt out of certain data processing activities or limit how their data is used.
  • Right to data portability: Individuals can transfer their data easily to another data fiduciary.
  • Consent requirements: Companies need clear and informed consent before collecting and processing personal data.

Enhanced Data Security and Privacy:

  • Data minimization: Companies can only collect and process data that is necessary for the specified purpose.
  • Data localization: The Bill proposes storing certain sensitive personal data within India, potentially enhancing security and control.
  • Stronger accountability: Companies face penalties for data breaches and non-compliance, promoting responsible data handling.
  • Data protection authority: A dedicated authority will oversee enforcement and address data protection concerns.

Our Approach

1. Consent and Purpose Limitation:

  • Consent Collection: Data Fiduciaries (organizations processing data) must obtain clear and unambiguous consent from the Data Principal (individual whose data is being processed) before collecting their personal data.
  • Notice: A clear notice must be provided before seeking consent, outlining the specific data to be collected, the purpose of processing, and how the data will be used.
  • Purpose Limitation: Data can only be processed for the specific purpose(s) mentioned at the time of consent. There are limited exceptions for processing data for other purposes but they must be clearly defined.

2. Data Minimization and Storage Limitation:

  • Minimize Data Collection: Data Fiduciaries should only collect the personal data that is absolutely necessary to fulfill the specified purpose.
  • Storage Limitation: Data can only be stored for as long as it is required to serve the stated purpose. Once the purpose is fulfilled, the data should be deleted unless there's a legal requirement to retain it.

3. Data Security and Breach Notification:

  • Security Measures: Data Fiduciaries are obligated to implement appropriate technical and organizational security safeguards to protect personal data from unauthorized access, disclosure, alteration, or destruction.
  • Data Breach Notification: In case of a data breach, the Data Fiduciary must notify the Data Protection Authority (DPA) within 72 hours of becoming aware of the incident. They must also inform affected individuals unless it can be demonstrated that the breach poses no risk to their rights.

4. Data Subject Rights:

  • Right to Access: Data Principals have the right to access their personal data held by a Data Fiduciary and obtain a copy of it in an electronic format.
  • Right to Correction and Erasure: Individuals have the right to request correction of inaccurate data and erasure of their personal data under certain circumstances, like when consent is withdrawn or the data is no longer necessary.
  • Right to Restrict Processing: Data Principals have the right to restrict or object to the processing of their personal data in certain situations.
  • Right to Data Portability: Individuals have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit it to another Data Fiduciary.

5. Cross-Border Data Transfers:

  • Restrictions: The Bill restricts the transfer of personal data outside of India without the explicit consent of the Data Principal. There are exceptions for specific situations, but they must comply with regulations set by the Central Government.

6. Enforcement & Grievances:

  • Enforcement: The DPA will be responsible for enforcing the provisions of the Data Protection Bill. This includes investigating complaints, issuing directions, and imposing penalties for non-compliance.
  • Complaint Mechanism: Data Fiduciaries are required to establish a grievance redressal mechanism to address complaints from Data Principals regarding their personal data.

Risk Advisory

REACH US

Please enable JavaScript in your browser to complete this form.
Name

Level Up Your Security: Explore Our Services!

GDPR Readiness Review

A GDPR Readiness Review is an assessment conducted to evaluate an organization's compliance with the General Data Protection Regulation (GDPR), a comprehensive data protection law in the European Union (EU). This review involves examining data processing activities, consent mechanisms, data protection measures, data subject rights, data transfers, and data breach response procedures. The goal is to identify gaps, assess risks, and implement necessary measures to ensure compliance with GDPR requirements and protect individuals' privacy rights.

ISO 27701 – PIMS Compliance

ISO 27701 is a standard that specifies requirements and provides guidelines for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS). This system focuses on managing personal data privacy in line with global privacy regulations such as the GDPR. Achieving ISO 27701 certification demonstrates an organization's commitment to protecting personal information, ensuring transparency, and complying with privacy requirements, thus enhancing trust with stakeholders and customers.

Data Protection Impact Assessment

Strategy and plan development is about defining clear goals, analyzing factors, developing aligned stratA Data Protection Impact Assessment (DPIA) is a systematic process used to identify, assess, and mitigate potential privacy risks associated with the processing of personal data. It helps organizations evaluate the necessity, proportionality, and compliance of data processing activities with data protection regulations such as the GDPR. DPIAs involve identifying potential risks to individuals' privacy, assessing the severity and likelihood of these risks, and implementing measures to minimize or eliminate them.

DPDP Act

The DPDP Act refers to the Data Protection and Privacy Act, which is a legislation focused on safeguarding personal data and privacy rights in a specific jurisdiction. This act typically outlines rules and regulations for data collection, processing, storage, and sharing, along with provisions for data subject rights, consent mechanisms, data breach notifications, and enforcement measures. Its purpose is to protect individuals' privacy while promoting responsible data handling practices by organizations operating within the jurisdiction.

DLP Assessment Service

DLP Assessment Service involves evaluating an organization's Data Loss Prevention (DLP) measures to identify vulnerabilities and improve data protection. This assessment includes reviewing DLP policies, configurations, monitoring capabilities, and incident response procedures. The goal is to enhance data security, prevent data breaches, and ensure compliance with data protection regulations. The DLP assessment service helps organizations identify sensitive data exposure risks, implement effective data loss prevention controls, and strengthen overall cybersecurity defenses.

Scroll to Top