The draft personal data protection Bill 2018, submitted by the Justice B.N. Srikrishna-headed expert panel on Friday, has proposed that critical personal data of Indian citizens be processed in centres located within the country.

The draft law, which comes after a year-long consultation process, however, has left it to the Central government to notify categories of personal data that will be considered as critical.

A copy in India

Other personal data may be transferred outside the territory of India with some riders. However, at least one copy of the data will need to be stored in India. The draft Bill, which India hopes will become a model framework for protection of personal data for the world, will apply to processing of personal data within India, including the State.

For data processors not present in India, the Act will apply to those carrying on business in India or other activities such as profiling which could cause privacy harms to data principals in India. The draft also provides for penalties for data processor as well as compensation to data principal to be imposed for violations of the data protection law. It has suggested a penalty of Rs. 15 crore or 4% of the total worldwide turnover of any data collection/processing entity, for violating provisions. Failure to take prompt action on a data security breach can attract up to Rs. 5 crore or 2% of turnover as a penalty.

Personal data, the draft law states, may be processed on the basis of the consent of the data principal, given no later than at the commencement of the processing. It added that processing of sensitive personal data should be on the basis of “explicit consent.” The law, the committee in its recommendations said, will not have retrospective application and will come into force in a structured and phased manner. “Processing that is ongoing after the coming into force of the law would be covered.”

Source -

Saturday, July 28, 2018

« Back

Powered by WHMCompleteSolution