Every individual has a right to privacy and to decide where and with whom their data is shared.
India's Personal Data Protection Bill (PDPB) aims to provide consumers with new privacy rights pertaining to data collection, which require consent from a user for their information to be collected and shared.
The increasing pace of digitization of services in the corporate and government sectors has increased the demand for the collection of personal data. Using this data to check individual preferences and behavior online can be further utilised for business. The absence of any data privacy laws leaves data protection entirely to the choice of the business, leading to mishandling of data and big financial frauds. Hence, the need for an appropriate legal privacy framework becomes critical.
The amount of data shared by citizens directly or indirectly with various entities has made it crucial to ensure that individual users have autonomy and control over their personal data. Understanding the need for a strong and structured privacy regime to govern the processing of the data, the Indian Government has introduced a draft for the Personal Data Protection Bill (PDPB).
This draft covers the privacy of individuals' personal data across the data life cycle: collection, transfer, processing, disclosure, and disposal. It has similarities to other leading global data protection regulations like the EU's General Data Protection Regulation (GDPR). The draft also covers obligations of the data fiduciary, such as lawfulness, limitations, storage limitation, quality of personal data, etc.
PDPB gives some rights similar to those in other regulations like GDPR and CCPA, such as:
- The right to access data
- The right to correction
- The right to data portability
- The right to erasure
- The right to be forgotten
Organisations need to ensure the fulfilment of data rights access and automate the manual request process.
PDPB includes restrictions around data minimization, ensuring that data is collected only to the extent necessary for the purposes of processing personal data. The law sets strict retention requirements for data retention policies that organisations can act on swiftly.
The PDPB focuses on the categorization of data: companies must contextualise data with identity profiling and indexing that covers all types of sensitive data across the organisation.
In terms of penalties, PDPB is very similar to GDPR, with fines of up to 4% of the company's global annual revenue. It also includes criminal penalties of up to three years of imprisonment and a $3,000 fine.
Quality of data and automation for better handling.
Application of immediate actions in case of data breaches.
Processing data in a legal way gives a better image to the business.
A better picture of the data being stored and processed by the organisation.