• News
  • Security
  • Products
  • About Seqrite
Seqrite Blog Blog
  • News
  • Security
  • Products
  • About Seqrite
Home  /  News  /  What India’s data protection law might mean for your business
India's data protection law
06 August 2018

What India’s data protection law might mean for your business

Written by Ankita Ashesh
Ankita Ashesh
News
  • 305
    Shares
Estimated reading time: 3 minutes

India has taken a step forward towards laying down a proper policy for data protection. The Srikrishna Committee, a 10-member expert committee headed by former Supreme Court judge BN Srikrishna and appointed by the Indian government in August 2017 to “identify key data protection” issues finally submitted a report and a draft bill providing a legal framework for data privacy in the country in the end of July.

The full 213-page report along with the 67-page draft bill can be read on the Ministry of Electronics & Information Technology’s website and provides a detailed insight into the contours of how data protection in India could look like. While everything is still in theory and the Srikrishna panel have only provided a draft bill which needs to be passed by the Parliament, any policy which comes into place will most probably not diverge a lot from the bill in question. In that context, it is important for businesses, small and big, to analyse, understand and if required, start making the required changes.

For businesses, the following key points need to be taken note of:

  • The bill proposes that the new upcoming law will have jurisdiction for any data processed in India. Even for data collectors, which the report refers to as “data fiduciaries”, which are not present in India but carry activities that affect data principals would fall under the purview of this law.
  • An independent regulatory body called the Data Protection Authority (DPA) will be set up by the law which will be responsible for the effective enforcement of the law.
  • Certain data fiduciaries, which are categorized by the DPA as significant data fiduciaries “based on their ability to cause greater harm to data principals as a consequence of their data processing activities”. These significant data fiduciaries will have to undertake obligations such as (i) Registration with the DPA; (ii) Data Protection Impact Assessments; (iii) Recordkeeping; (iii) Data audits; and (iv) Appointment of a Data Processing Officer. The DPA can require that any other data fiduciaries may have to undertake these obligations as well.
  • Similar to the European Union’s General Data Protection Regulation (GDPR), penalties may be imposed upon data fiduciaries and compensation may be awarded to data principals for violation of data protection law. The penalties imposed would be an amount up to the fixed upper limit or a percentage of the total worldwide turnover of the preceding financial year, whichever is higher.
  • Sensitive personal data will include passwords, financial data, health data, official identifier, sex life, sexual orientation, biometric and genetic data, and data that reveals transgender status, intersex status, caste, tribe, religious or political beliefs or affiliations of an individual.
  • Consent will be a lawful basis for processing of personal data. For consent to be valid it should be “free, informed, specific, clear and capable of being withdrawn”.
  • All processing of personal data by data fiduciaries must be fair and reasonable.
  • There shall be obligations of data quality and storage limitation on data fiduciaries.
  • The right to data portability, subject to limited exceptions, should be included in the law.
  • The right to be forgotten may be adopted, with the Adjudication Wing of the DPA determining its applicability on the basis of certain criteria.
  • Personal data determined to be critical will be subject to the requirement to process only in India
  • Other types of personal data (non-critical) will be subject to the requirement to store at least one serving copy in India
  • In the draft of the bill provided, any offence punishable under it has been categorized as cognizable and non-bailable

There are various other points but these are the major points which will have an effect on the way business do operations in India. Hence, for many multinational corporations like Facebook, Google or Whatsapp, they will have to ensure that the data they collect from Indian users is protected under the data protection day. They will also be required to store a copy in India which may increase costs of servers.

The other important part is that data fiduciaries which are considered “significant” will also be have to ready to undergo various different compliance measures which they must prepare for from now. The Data Protection Bill 2018, while having not come into effect as yet, surely shows the way for a future framework of data legislation in India. Businesses must take heed and start laying the groundwork for now so they are not caught unprepared when it comes into effect.

As an IT security partner for your business, Seqrite provides comprehensive security from advanced cyber threats. To know more

 Previous PostPOS security vulnerabilities for retail industry
Next Post  What is EMM? Enterprise Mobility Management explained
Ankita Ashesh
About Ankita Ashesh

...

Articles by Ankita Ashesh »

Related Posts

  • Cybersecurity roundup – Jan to April ‘19

    May 22, 2019
  • Cybersecurity Predictions for 2019

    February 22, 2019
  • social media

    How are social networking accounts used for malicious purposes?

    February 18, 2019

No Comments

Leave a Reply.Your email address will not be published.

Cancel reply

CAPTCHA Image
Refresh Image

Popular Posts

  • The Data breach inferno burning big-ticket businesses The Data breach inferno burning big-ticket businesses February 5, 2021
  • Turn the Page: Cybersecurity Predictions for 2021 & beyond Turn the Page: Cybersecurity Predictions for 2021 & beyond February 18, 2021
  • Pharma Sector needs to streamline its insides to avoid cyberattacks Pharma Sector needs to streamline its insides to avoid cyberattacks February 12, 2021

Featured Authors

  • Seqrite
    Seqrite

    Follow us for the latest updates and insights related to security for...

    Read more..
  • Viraj Talikotkar
    Viraj Talikotkar

    Viraj is a Lead Technical Writer at Quick Heal Technologies. He is always on...

    Read more..
  • Sanjay Katkar
    Sanjay Katkar

    Sanjay Katkar is the Joint Managing Director and Chief Technology Officer of...

    Read more..

Latest Posts

  • Businesses now worried about the surge in COVID-19 infodemic

    Businesses now worried about the surge in COVID-19 infodemic

    February 26, 2021
  • Turn the Page: Cybersecurity Predictions for 2021 & beyond

    Turn the Page: Cybersecurity Predictions for 2021 & beyond

    February 18, 2021
  • Pharma Sector needs to streamline its insides to avoid cyberattacks

    Pharma Sector needs to streamline its insides to avoid cyberattacks

    February 12, 2021

Stay Updated!

Topics

Antivirus For Linux (10) apt (9) BYOD (9) COVID-19 (10) Cyber-attack (31) cyber-attacks (56) cyberattacks (12) Cybersecurity (279) cyber security (25) Cyber threat (29) cyber threats (44) Data (11) data breach (50) data breaches (27) data loss (28) data loss prevention (33) data protection (21) data security (13) DLP (49) Encryption (16) endpoint security (102) Enterprise security (14) EPS (9) Exploit (12) firewall (11) hackers (9) IoT (10) malware (58) malware attack (22) malware attacks (12) MDM (25) mobile device management (9) Network security (18) Patch Management (12) phishing (16) Ransomware (56) ransomware attack (29) ransomware attacks (30) ransomware protection (12) Seqrite (24) Seqrite Encryption (27) Seqrite EPS (33) Seqrite Services (16) UTM (34) Vulnerability (10)

Products

  • Endpoint Security (EPS)
  • Seqrite Encryption Manager
  • Seqrite Endpoint Security Cloud
  • Cloud Security
  • Seqrite mSuite
  • Seqrite MobiSMART
  • Unified Threat Management
  • Seqrite Secure Web Gateway
  • Antivirus for Server
  • Antivirus for Linux

Resources

  • White Papers
  • Datasheets
  • Threat Reports
  • Manuals
  • Case Studies

About Us

  • Company Overview
  • Leadership
  • Why choose SEQRITE?
  • Awards & Certifications
  • Newsroom

Archives

  • By Date
  • By Category

© 2020 Quick Heal Technologies Ltd. (Formerly Known as Quick Heal Technologies Pvt. Ltd.) Cookie Policies Privacy Policies

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website.
By browsing this website, you agree to our cookie policy.