What Are The Key Aspects Of Data Protection Law?

In the year 2018, the European Union of General Data Protection Regulation evolves the new laws in the field of information insurance and numerous organizations need to refresh their information security policies according to the rules set by the General Data Protection Regulation (GDPR). The users are now feeling much safer regarding their data and the company’s data are now safe and the crimes related to the data theft may decrease and the data of the users are now protected with strict laws and policies.

India is rapidly growing in the field of population growth and parallelly the internet users are also increasing at a great pace. Many of the domestic and foreign companies are setting up their technical institutions in India and they need a law that ensures their information and they work in a safe zone. For all those above-mentioned reasons, in 2019, the Personal Data Protection Bill (PDPB) was introduced in Lok Sabha by the Minister of Electronics and Information technology.

The reason for this Bill is to accommodate assurance of security of people identifying with their Personal information and to establish a Data Protection Authority of India for the said purposes and the issues concerning the individual information of a person. The Bill proposes to supplant the Information Technology Act, 2000 (Section 43-An) erasing the arrangements identified with remuneration payable by organizations for the inability to secure individual information. The PDPB entomb alia, endorses the way where individual information is to be gathered, prepared, utilized, uncovered, put away, and moved.

The key aspects of the Data Protection Law are as follows: –

1. Applicability: The PDPB proposes to apply to the preparing of individual information that has been gathered, revealed, shared or in any case handled inside the domain of India; By the assembly, any Indian Company, any inhabitant of India or any person or assemblage of people joined in India, and Remote organizations managing individual information of people in India. The PDPB will not have any significant bearing to the preparation of anonymized information, other than the anonymized information or other non-individual information to empower better focusing of conveyance of administrations or plan of proof-based approaches by the Central Government.

2. Commitments of Data Fiduciary: The handling of Personal Data will be dependent upon certain reason, assortment, and capacity confinements, for example, For an explicit clear and legitimate reason. An assortment of Personal Data will be restricted to such information that is vital for the motivations behind preparing. Notice is required to be given to the individual/information head for assortment or preparation of individual information. Individual information will be held uniquely for the reason for which it is prepared and will be erased toward the finish of the handling. Agree is required to be taken from the information head at the initiation of the information handling. Information Fiduciary must confirm the age and acquire parental assent when preparing delicate individual information of youngsters.

3. Preparing of Personal Data without assent: The Bill proposes handling of information by trustees just if the assent is given by the person. There are sure exemptions given under which Personal Data can be prepared without assent, for example,

(i) whenever required by the State for giving advantages to the individual,

(ii) lawful procedures,

(iii) to react to a health-related crisis,

(iv) work-related,

(v) important for sensible purposes, for example, counteraction of misrepresentation, mergers, and acquisitions, recuperation of obligation, and so forth.

4. Rights of an individual/ Data Principal: The Bill sets out specific privileges of the individual (or information head) which incorporates the privilege to: get affirmation from the trustee on whether their information has been handled; look for rectification of off base, deficient, or update individual information; information transportability have individual information alluded to some other information guardian in specific conditions; option to be overlooked: limit proceeding with exposure of their information by a guardian, if it is not, at this point essential or assent is pulled back.

5. Data Protection Authority: The Bill proposes a Data Protection Authority of India which will find a way to secure interests of people, forestall abuse of individual information, and guarantee consistency with the Bill and advance mindfulness about information assurance. Requests of the Authority can bespoke to an Appellate Tribunal. Offers against the request for the Tribunal can be documented at the Supreme Court.

6. Limitations on Transfer of information outside India: Delicate individual information might be moved outside India for handling if unequivocal assent is given by the individual, and subject to certain extra conditions. Be that as it may, such touchy individual information should keep on being put away in India. Certain individual information told as basic individual information by the administration must be handled in India.

7. Exemptions: The central government can absolve any office of the Government from the relevance of the Act on the off chance that it is important for the enthusiasm of sway and trustworthiness of India, the security of the State, and benevolent relations with remote states, for forestalling induction to the commission of any cognizable offense identifying with the above issues. Handling of individual information is likewise excluded from arrangements of the Bill for certain different purposes, for example,

  1. counteraction, examination, or arraignment of any offense, or
  2. individual, household, or
  3. journalistic purposes,
  4. to explore chronicling or measurable reasons.
  5. Risk of non-compliance with PDPB: There are two levels of punishments and remunerations:

The disappointment of the information trustee to satisfy its commitments for information security might be culpable with a punishment which may degree to Rs.5 crores or 2% of its complete overall turnover of the first money related year, whichever is higher. Preparing information infringing upon the arrangements of the PDPB is culpable with a fine of Rs.15 crores or 4% of the yearly turnover of the information trustee, whichever is higher. Re-distinguishing proof and handling of de-recognized individual information without assent is culpable with the detainment of as long as three years, or fine, or both.

According to the PDPB being sanctioned into an Act, there are a few compliances to be trailed by associations preparing individual information to guarantee the security of protection of people identifying with their Personal Data.

Assent of the individual would be required for preparing individual information. In light of the sort of close to home information being prepared, associations should survey and update information insurance arrangements, codes to guarantee these are steady with the re-examined standards, for example, update their interior penetrate notice methods, execute fitting specialized and hierarchical measures to forestall abuse of information, Data Protection Officer to be designated by the Significant Data Fiduciary, and founding complaint redressal components to address objections by people.

This Article Written by Shubham Kumar Jha, Student of New Law College, Bharati Vidyapeeth, Pune, Maharastra.

Also Read – Right to Privacy in India: Evolution and Legal Analytical Study

Law Corner

Leave a Comment