In an age where data is the new gold, protecting your personal information is of utmost importance. The Digital Personal Data Protection Bill, passed in Parliament on Monday (August 7), is a very significant milestone in PM Narendra Modi’s vision of Global Standard Cyber Laws. The Bill lays out the rights and duties of the citizen (Digital Nagrik) on one hand and, on the other, the Data Fiduciary's obligation to use collected data lawfully.
The Bill will establish a comprehensive legal framework governing digital personal data protection in India. The Bill provides for the processing of digital personal data in a manner that recognizes the right of individuals to protect their personal data, societal rights, and the need to process personal data for lawful purposes.
At the heart of the bill lies the establishment of a Data Protection Authority, a dedicated regulatory body responsible for overseeing and enforcing data protection laws. This body will ensure that organizations handling personal data adhere to stringent regulations outlined in the bill.
Among the key provisions of the bill, the emphasis on consent and purpose limitation stands out.
Individual rights are a central focus of the legislation. Citizens are granted the right to access, correct, and erase their personal data as needed, placing control firmly in their hands. Moreover, the bill enforces prompt data breach notifications, holding companies accountable for transparently reporting any breaches to both the Data Protection Authority and affected individuals.
In a move to anticipate potential privacy risks, the bill requires organizations to carry out Privacy Impact Assessments prior to implementing new activities involving personal data processing. This ensures that risks are identified and mitigated before data handling begins.
Strict enforcement measures and penalties are in place to ensure compliance with the regulations. Organizations found violating the provisions may face a penalty of a maximum of 250cr. and a minimum of 50cr., and even criminal charges.
Notably, the legislation extends its protective umbrella to entities that store personal data with third-party data processors. This extension of responsibility emphasizes the paramount importance of data security across the board.
Addressing specific segments of society, the bill introduces special provisions for minors and individuals with guardians. Processing data of these vulnerable groups will be permitted only with the consent of their respective guardians.
As part of its comprehensive framework, the bill mandates the appointment of a Data Protection Officer by firms, further enhancing transparency and accountability.
The bill also endows the Data Protection Board with far-reaching authority, enabling it to summon individuals under oath, inspect documents of companies handling personal data, and even recommend blocking access to intermediaries that repeatedly breach the bill’s provisions.