As a cyber security expert, I was concerned about the Data Protection Bill of India, and finally, the Ministry of Electronics and Information Technology has moved a step ahead.
In this post, we will discuss how the bill helps individuals and how much pressure it may create for the IT industry in India.
Of course, I am not an expert on digital laws, but as an ethical hacker, I have spent my time on European bug bounty platforms and in underground hacker marketplaces. I also have good knowledge of the countries that deal with data protection.
Previously, many IT laws appeared with a bang and were withdrawn silently; this bill, however, is heavily inspired by the EU GDPR. Still, it is not enough; it has a lot more to implement.
Digital Personal Data Protection Act, 2022.
- The Government of India will set up a separate board for data protection, called the "Data Protection Board of India", to hold accountable those who do not follow the Act.
- Personal data can be processed for lawful purposes only. That means a data firm may collect data and process it as long as doing so doesn't go against the law.
- Before asking for personal data, companies must tell users why they are collecting it.
- Data Processors (companies) must implement strict security safeguards to prevent data breaches.
- Companies should ensure they have a Data Protection Officer responsible for answering questions about data protection.
- In case of a data breach, companies (Data Processors, every Data Fiduciary) have to report it to the Board.
- Companies should remove the personal data of their users if it is no longer necessary for their business purposes.
- When processing a child's data, companies should ensure they have obtained parental consent and that there will be no harm or targeted advertising.
- The transfer of personal data outside India has limitations. Still, it has exceptions for claiming legal rights, processing by the court, or in the interest of detection, prevention, investigation, etc., by the Government.
- There will be heavy penalties if any company or business doesn't follow this Data Protection Act.