What is Data Privacy Regulation Act?

The absence of any data protection law in India leads to leakage of individuals’ (our) personal data causing the violation of our fundamental right to privacy.

From Table 1, you can realize why data protection is necessary.

The Indian government has been working to build Indian’s Privacy Regulation for the last five years to protect the data. Finally, the government has released the Personal Data Protection (PDP) Bill. The journey of the PDP Bill is like this,

The Features

The PDP Bill has three main features,

It defines principles of data protection, for example,

It mandates only essential data for a particular purpose must be collected
Limit the use of data, no recycling or repurposing
After the fulfilment of the need, the data must be deleted

Collection and use of personal data must need consent from the Data Principals
Right to Review of data (access, erase, modify, delete) by the Data Principals

Important Terminology

Data

A data is an individual fact, it could be statistics, items of information or a numeric.

Data Principal

A Data Principal is an individual or person from whom the personal data has been collected.

Data Fiduciary

A Data Fiduciary could be an organization or a person who will collect data from the data principal and store the data.

Consent is required from the Data Principal when Data Fiduciary,

Collects and stores data
Process Data in India
Transfer Data to other countries for processing

Data Protection Authority

Data Protection Authority is a supervisory committee of an organization that govern and monitor all the activities related to data protection.

Data Protection Officer

Data Protection Officer (DPO) is the role that will maintain all the data protection activities.

A DPO will ensure the organization will,

Compliance with the PDP Bill
Portability and Access to individuals
No data will collect without any legitimate purpose
Delete the data after the purpose gets over
Right to be Forgotten: Data Principal can withdraw the consent at any time of the processing
Localization: all data will store only in India’s database with the consent of the data principal
Transfer of data to other countries: Consent from the data principal and the data fiduciary has been required during the transformation of any data from India to any other country.

Penalty

The penalty for PDP Bill violation,

Minimum: Rs.5 Crores or 2% of the annual turnover

Maximum: Rs.15 Crores or 4% of the annual turnover

Advantages of the PDP Bill

The PDP bill will,

Provide Data Sovereignty
Protect and Secure personal data
Protect critical information such as business transactions and financial statements
Help to reduce cyber attack
Help to reduce Fake News

Disadvantages/Challenges of the PDP Bill

The Indian Government can have access to information of the individuals for any reasonable purpose
The employers have the full right to use their employees’ data without taking any consent

The absence of any data protection law in India leads to leakage of individuals’ (our) personal data causing the violation of our fundamental right to privacy.

From Table 1, you can realize why data protection is necessary.

The Indian government has been working to build Indian’s Privacy Regulation for the last five years to protect the data. Finally, the government has released the Personal Data Protection (PDP) Bill. The journey of the PDP Bill is like this,

The Features

The PDP Bill has three main features,

It defines principles of data protection, for example,

It mandates only essential data for a particular purpose must be collected

Limit the use of data, no recycling or repurposing

After the fulfilment of the need, the data must be deleted

Collection and use of personal data must need consent from the Data Principals

Right to Review of data (access, erase, modify, delete) by the Data Principals

Important Terminology

Data

A data is an individual fact, it could be statistics, items of information or a numeric.

Data Principal

A Data Principal is an individual or person from whom the personal data has been collected.

Data Fiduciary

A Data Fiduciary could be an organization or a person who will collect data from the data principal and store the data.

Consent is required from the Data Principal when Data Fiduciary,

Collects and stores data

Process Data in India

Transfer Data to other countries for processing

Data Protection Authority

Data Protection Authority is a supervisory committee of an organization that govern and monitor all the activities related to data protection.

Data Protection Officer

Data Protection Officer (DPO) is the role that will maintain all the data protection activities.

A DPO will ensure the organization will,

Compliance with the PDP Bill

Portability and Access to individuals

No data will collect without any legitimate purpose

Delete the data after the purpose gets over

Right to be Forgotten: Data Principal can withdraw the consent at any time of the processing

Localization: all data will store only in India’s database with the consent of the data principal

Transfer of data to other countries: Consent from the data principal and the data fiduciary has been required during the transformation of any data from India to any other country.

Penalty

The penalty for PDP Bill violation,

Minimum: Rs.5 Crores or 2% of the annual turnover

Maximum: Rs.15 Crores or 4% of the annual turnover

Advantages of the PDP Bill

The PDP bill will,

Provide Data Sovereignty

Protect and Secure personal data

Protect critical information such as business transactions and financial statements

Help to reduce cyber attack

Help to reduce Fake News

Disadvantages/Challenges of the PDP Bill

The Indian Government can have access to information of the individuals for any reasonable purpose

The employers have the full right to use their employees’ data without taking any consent