We’ve all been bored stiff with articles about GDPR, but the reach of the strict new data protection law goes further than just the UK and Europe. India has just released the Personal Data Protection Bill 2018 and it is effectively a rework of the EU’s GDPR law and aims to bring positive change to the way that personal data is stored and handled in India, with its fast growing digital economy.
The bill is set to transform data protection in India, allowing users, for the first time, to gain rights to control their own personal data. Some of its key features:
- Foreign entities undertaking data processing in connection with any business in India will fall under this proposed bill
- The data processor must only permit fair, reasonable and lawful processing of personal data
- The law outlines three types of data:
- Personal data refers to data relating to a data principle (person).
- Sensitive data refers to including any personal data which is directly related to passwords, or financial/health data.
- Critical data is defined as anything which can cause detrimental damage to a business and its loss of revenue and is not necessarily about a person
- Processing of any personal data must have the consent of the data principle and the person has the right to be withdrawn.
- Age verification and parental consent processes must be in place if the person is under 18
- Data users must have the right to confirm, access and be able to correct inaccuracies in their personal data.
- A Data Protection Officer has to be appointed if a data fiduciary (a person or organisation that owes to another the duties of good faith and trust), is not present in India
- Every data fiduciary shall store at least one copy of personal data on a server located in India.
For more information on data protection requirements in the UK, India or anywhere else in the world, please contact the team at PromoVeritas; firstname.lastname@example.org or 0203325 6000