The Indian government has been pushing forward with new data protection policies to protect its citizens against the misuse of their data and other privacy violations. As we’ll discuss in detail below, this means the new data protection bill will have some serious consequences for any businesses that violate it or fail to meet its requirements. The bill was passed by the Rajya Sabha or upper house on August 9, 2019, and the Lok Sabha, or lower house is expected to follow suit soon. Let’s take a closer look at this new data protection bill as well as what it means for your business.
Table of Contents
What is the proposed data protection bill?
The Data Protection Bill is currently being considered by the Indian Parliament. The proposed bill would give citizens more control over their personal information, as well as provide them with the ability to know what has been collected about them and how it is used. The bill also proposes that individuals would have the right to access and correct their data. If you’re an organization, these new protections would require you to report a breach within 72 hours of becoming aware of it. It’s important to note that this does not apply to credit card numbers, bank account numbers, or passwords. For those sensitive pieces of data, organizations will be required to notify customers without undue delay.
What are the key features of the bill?
The Data Protection Bill is designed to protect the personal data of Indian citizens. It is a follow-up to the Supreme Court’s landmark judgment, which ruled that the privacy of data should be protected. Some key features of the bill include:
A. Right to Opt-Out – The bill ensures that users have the right to opt-out and stop sharing their personal information with any company or service provider at any time.
B. Consent Required for Personal Information Sharing – The consent of the individual must be obtained before any personal information can be shared with any entity or organization.
C. Access to Personal Information Provided – Users will also have access to all their personal information provided by various organizations and entities if they request it from them and all those organizations are obliged by law to provide it promptly within 72 hours after being requested.
When will the bill come into effect?
The bill will come into effect on 23rd March 2022. The bill would allow the Indian government to impose a penalty of up to ₹10 million or 4% of the turnover of the business whichever is higher. Businesses that do not comply with this law can be fined up to ₹5 million or 2% of their turnover. Under Section 43A, if data security measures are breached and it causes damage to someone’s life, liberty or reputation then the company can face penalties up to ₹1 billion (about $14 million) and an individual found guilty of such an offense faces imprisonment up to three years. Any person who violates provisions relating to sensitive personal data could face imprisonment of up to three years and/or a fine of up to Rs 10 lakhs ($14,000).
How will the bill impact businesses?
The bill will impact businesses by limiting the amount of data collected on citizens, incentivizing companies to store data within the country, and penalizing companies that do not comply. The bill also requires users to give explicit consent before they can use a company’s services. If they don’t agree, then their account is blocked until they fill out the required form. It makes it mandatory that any organization or individual with access to personal information must report breaches to a regulator as soon as possible and take necessary measures to protect such data from misuse or unauthorized disclosure.
Data center protection
The Indian government has recently made a significant step towards data protection with the introduction of a new bill. This draft Data Protection Bill was proposed by the Justice BN Srikrishna Committee and aims to provide a legal framework to govern data protection in India.
The new bill aims to protect the rights of individuals and set limits on how their personal information can be used, while also establishing the responsibilities of organizations that collect, store, or process such information. It would grant citizens greater control over the use of their personal information and require companies to adhere to certain standards when it comes to data collection, processing, and storage. Organizations must also appoint data protection officers who will take responsibility for overseeing compliance with these standards.