0 likes | 15 Views
he Digital Personal Data Protection Bill is an important legislation introduced in India to safeguard the privacy of individuals' digital personal data
E N D
#learntorise #learntorise INDIA’S DIGITAL PERSONAL DATA PROTECTION BILL SWIPE LEFT TO AGENDA @infosectrain @infosectrain www.infosectrain.com
I n d i a ’ s D i g i t a l P e r s o n a l D a t a P r o t e c t i o n B i l l The Union Cabinet has approved the Digital Personal Data Protection Bill which is India's first comprehensive data protection law. Approved by the cabinet on July 5, 2023, it ensures an individual’s personal inform ation security and privacy, and is slated to be introduced in Parliament shortly. #learntorise + USD 449 @infosectrain www.infosectrain.com
I n d i a ’ s D i g i t a l P e r s o n a l D a t a P r o t e c t i o n B i l l #learntorise Key Features: Applicability:Digital personal data gathered online or offline and digitized in India shall be subject to the Bill. It applies to processing personal data outside India for selling products or services or profiling Indians.Personal data is data about an identifiable person. Processing involves automating digital personal data activities. Collection, storage, use, and sharing. @infosectrain www.infosectrain.com
I n d i a ’ s D i g i t a l P e r s o n a l D a t a P r o t e c t i o n B i l l Consent: Consent is required to process personal data which must be notified. The notice should describe the personal data collected and its use. Consent is revocable. When processing is necessary for Law enforcement, State service or benefit provision, Medical emergency, Employment, and Specified public interest purposes like national security, fraud prevention, and information security, consent is as sumed. Legal guardians provide consent for minors. #learntorise @infosectrain www.infosectrain.com
I n d i a ’ s D i g i t a l P e r s o n a l D a t a P r o t e c t i o n B i l l #learntorise Rights and duties of data principal: A data principal has the right to obtain information about processing, correct and erase personal data, nominate another person to exercise rights in the event of death or incapacity, and grievance redressal. Data principals have duties. They cannot register a false or frivolous complaint, provide false information, withhold information, or impersonate another person in certain instances. Duty violations carry a Rs 10,000 fine. @infosectrain www.infosectrain.com
I n d i a ’ s D i g i t a l P e r s o n a l D a t a P r o t e c t i o n B i l l #learntorise Obligations of data fiduciaries: Data fiduciaries must: Make reasonable efforts to ensure data accuracy and completeness, Build reasonable security safeguards to prevent data breaches and inform the Data Protection Board of India and affected persons in the event of a breach, and Cease to retain personal data as soon as the purpose has been met and retention is not necessary for legal. Government processing does not require storage limitations. @infosectrain www.infosectrain.com
I n d i a ’ s D i g i t a l P e r s o n a l D a t a P r o t e c t i o n B i l l #learntorise Transfer of personal data outside India: Countries where a data fiduciary may transfer personal data shall be informed by the federal government.Transfers shall be governed by the terms and conditions specified. @infosectrain www.infosectrain.com
I n d i a ’ s D i g i t a l P e r s o n a l D a t a P r o t e c t i o n B i l l #learntorise Exemptions: Data principle rights and data fiduciary obligations (excluding data security) will not apply in some instances, such as preventing and investigating crimes and enforcing legal rights or claims. By notification, the national government might exempt specific activities from the Bill.These include government processing for state security and public order and research, archiving, and statistical purposes. @infosectrain www.infosectrain.com
I n d i a ’ s D i g i t a l P e r s o n a l D a t a P r o t e c t i o n B i l l Data Protection Board of India: The Board, created by the central government, monitors compliance and imposes penalties, directs data fiduciaries to take required measures in the event of a data breach, and hears grievances from affected parties. The central government will determine the Board's membership, selection method, appointment and service terms, and dismissal process. #learntorise @infosectrain www.infosectrain.com
I n d i a ’ s D i g i t a l P e r s o n a l D a t a P r o t e c t i o n B i l l Penalties: The bill specifies penalties for numerous legal #learntorise Penalties: infractions. The following are the prescribed penalties: A fine of up to Rs. 250 crore for failing to put sufficient security measures in place to prevent breaches of pe sonal data. Failure to alert the Data Protection Authority of India (DPAI) and i pacted users in the case of a personal data breach may result in a punishment of up to Rs. 200 crore. Failure to comply with new requirements relating to minors may result in a punishment of up to Rs. 200 crore. A fine of up to Rs. 10 crore for failing to follow the rules on data l calization. @infosectrain www.infosectrain.com
I n d i a ’ s D i g i t a l P e r s o n a l D a t a P r o t e c t i o n B i l l Significant data fiduciaries who violate their extra legal obligations could be subject to a fine of up to Rs. 150 crore. #learntorise It is significant to remember that multiple infractions may result in cumulative penalties. For instance, a data fiduciary may be subject to a combined penalties of up to Rs. 500 crore if they fail to take appropriate security measures and fail to inform the DPAI of a personal data breach. @infosectrain www.infosectrain.com