Indian Data Protection Bill

Personal Data Protection Bill Advisor in India

  1. Overview

The Indian Data Protection Bill, also referred to as the Personal Data Protection Bill, 2019, is a bill that was introduced in the Indian Parliament in December 2019. The bill aims to provide a framework for the protection of personal data in India, similar to the General Data Protection Regulation (GDPR) in the European Union. The bill defines personal data and sensitive personal data, establishes a Data Protection Authority to oversee compliance, and establishes penalties for non-compliance. The bill is currently under review and has not yet been passed into law.

The Indian Data Protection Bill is a proposed legislation aimed at protecting the personal data of individuals in India. The bill seeks to establish a legal framework for the collection, processing, storage, and transfer of personal data in India.

  1. Approach

Here are some key approaches to the Indian Data Protection Bill:

  • Data Localization: The bill proposes to mandate the localization of sensitive personal data, which includes financial data, health data, biometric data, and data related to national security. This means that such data must be stored within India and cannot be transferred outside India without the explicit consent of the data owner.
  • Data Protection Authority: The bill proposes the establishment of a Data Protection Authority (DPA) that will be responsible for enforcing the provisions of the bill. The DPA will have the power to investigate data breaches, issue fines for non-compliance, and order the deletion of personal data.
  • Cross-Border Data Transfers: The bill proposes to allow cross-border transfers of personal data under certain conditions, such as obtaining the explicit consent of the data owner, entering into a contract with the data recipient that provides for adequate data protection, and obtaining approval from the DPA.
  • Consent: The bill proposes to require explicit consent from data subjects for the collection, processing, and transfer of personal data. The bill also provides for the right to withdraw consent and the right to be forgotten.
  • Data Breach Notification: The bill proposes to require data controllers to notify the DPA and data subjects in case of a data breach. The notification must be made within a specified time frame and must provide details of the breach and the steps taken to mitigate the impact.

Overall, the Indian Data Protection Bill is aimed at protecting the personal data of individuals in India and establishing a legal framework for the collection, processing, storage, and transfer of personal data. The above approaches to the bill highlight the key provisions of the proposed legislation and provide guidance for organizations to comply with its requirements.

REACH US TO ENSURE THAT WHEN EVEN WHEN A CRISIS STRIKES, YOUR BUSINESS MUST GO ON AS USUAL.