The absence of any data protection law in India leads to leakage of individuals’ (our) personal data causing the violation of our fundamental right to privacy.
From Table 1, you can realize why data protection is necessary.
The Indian government has been working to build Indian’s Privacy Regulation for the last five years to protect the data. Finally, the government has released the Personal Data Protection (PDP) Bill. The journey of the PDP Bill is like this,

The Features

The PDP Bill has three main features,
  1. It defines principles of data protection, for example,
  • It mandates only essential data for a particular purpose must be collected
  • Limit the use of data, no recycling or repurposing
  • After the fulfilment of the need, the data must be deleted
  1. Collection and use of personal data must need consent from the Data Principals
  2. Right to Review of data (access, erase, modify, delete) by the Data Principals

Important Terminology


A data is an individual fact, it could be statistics, items of information or a numeric.

Data Principal

A Data Principal is an individual or person from whom the personal data has been collected.

Data Fiduciary

A Data Fiduciary could be an organization or a person who will collect data from the data principal and store the data.
Consent is required from the Data Principal when Data Fiduciary,
  1. Collects and stores data
  2. Process Data in India
  3. Transfer Data to other countries for processing

Data Protection Authority

Data Protection Authority is a supervisory committee of an organization that govern and monitor all the activities related to data protection.

Data Protection Officer

Data Protection Officer (DPO) is the role that will maintain all the data protection activities.
A DPO will ensure the organization will,
  1. Compliance with the PDP Bill
  2. Portability and Access to individuals
  3. No data will collect without any legitimate purpose
  4. Delete the data after the purpose gets over
  5. Right to be Forgotten: Data Principal can withdraw the consent at any time of the processing
  6. Localization: all data will store only in India’s database with the consent of the data principal
  7. Transfer of data to other countries: Consent from the data principal and the data fiduciary has been required during the transformation of any data from India to any other country.


The penalty for PDP Bill violation,
Minimum: Rs.5 Crores or 2% of the annual turnover
Maximum: Rs.15 Crores or 4% of the annual turnover

Advantages of the PDP Bill

The PDP bill will,
  1. Provide Data Sovereignty
  2. Protect and Secure personal data
  3. Protect critical information such as business transactions and financial statements
  4. Help to reduce cyber attack
  5. Help to reduce Fake News

Disadvantages/Challenges of the PDP Bill

  1. The Indian Government can have access to information of the individuals for any reasonable purpose
  2. The employers have the full right to use their employees’ data without taking any consent