The absence of any data protection law in India leads to leakage of individuals’ (our) personal data causing the violation of our fundamental right to privacy.
From Table 1, you can realize why data protection is necessary.
The Indian government has been working to build Indian’s Privacy Regulation for the last five years to protect the data. Finally, the government has released the Personal Data Protection (PDP) Bill. The journey of the PDP Bill is like this,
The PDP Bill has three main features,
It defines principles of data protection, for example,
It mandates only essential data for a particular purpose must be collected
Limit the use of data, no recycling or repurposing
After the fulfilment of the need, the data must be deleted
Collection and use of personal data must need consent from the Data Principals
Right to Review of data (access, erase, modify, delete) by the Data Principals
A data is an individual fact, it could be statistics, items of information or a numeric.
A Data Principal is an individual or person from whom the personal data has been collected.
A Data Fiduciary could be an organization or a person who will collect data from the data principal and store the data.
Consent is required from the Data Principal when Data Fiduciary,
Collects and stores data
Process Data in India
Transfer Data to other countries for processing
Data Protection Authority
Data Protection Authority is a supervisory committee of an organization that govern and monitor all the activities related to data protection.
Data Protection Officer
Data Protection Officer (DPO) is the role that will maintain all the data protection activities.
A DPO will ensure the organization will,
Compliance with the PDP Bill
Portability and Access to individuals
No data will collect without any legitimate purpose
Delete the data after the purpose gets over
Right to be Forgotten: Data Principal can withdraw the consent at any time of the processing
Localization: all data will store only in India’s database with the consent of the data principal
Transfer of data to other countries: Consent from the data principal and the data fiduciary has been required during the transformation of any data from India to any other country.
The penalty for PDP Bill violation,
Minimum: Rs.5 Crores or 2% of the annual turnover
Maximum: Rs.15 Crores or 4% of the annual turnover
Advantages of the PDP Bill
The PDP bill will,
Provide Data Sovereignty
Protect and Secure personal data
Protect critical information such as business transactions and financial statements
Help to reduce cyber attack
Help to reduce Fake News
Disadvantages/Challenges of the PDP Bill
The Indian Government can have access to information of the individuals for any reasonable purpose
The employers have the full right to use their employees’ data without taking any consent