The Personal Data Protection Bill 2019was introduced in the Indian Parliament in December 2019 and is currently undergoing analysis by JPC. JPC has recommended that ambit of the Data protection bill in India needs to expand to focus more on the digitization and localization of data. JPC also wants that the final Data protection bill to include nonpersonal data (not merely securing personal data), which comprises of sensitive and critical data.
The draft PDPB covers the data privacy of personal data of individuals across the data life cycle that includes collection, transfer, process, disclosure and disposal. Draft PDPB has few elements which are similar to other leading global data protection regulations like EU’s General Data Protection Regulation (GDPR). Draft PDPB also covers the obligations of the data fiduciary, such as lawfulness in processing the personal data, purpose limitation, collection limitation, storage limitation, quality of personal data, etc.
The draft PDPB in the present state also outlines provisions of tough penalties in response to data security breaches. The draft data privacy law calls for data fiduciaries to proactively develop privacy strategies to address privacy obligations and shift the way they approach data privacy. The data fiduciaries will have to establish organization-wide privacy responsibility and accountability for data privacy and might even warrant revamp of a few business processes to streamline data visibility.
The draft PDPB has the following key areas that have been covered as part of the framework which should support India with robust data privacy structure.