Blog

Does India have a data privacy law?

By Ayaz Keith

Does India have a data privacy law?

It will be India’s first law focusing solely on data privacy and protection. It covers: Requirements for notice and prior consent for the use of individual data. Establishing a separate regulator called the Data Protection Authority of India (DPA) to protect and regulate the use of citizens’ personal data.

Is GDPR applicable in India?

The General Data Protection Regulation (GDPR) is one such legislation, enacted in 2018 for the protection of personal data of all member states of the European Union. India is yet to enact the draft legislation on data protection known as the Personal Data Protection (PDP) Bill, 2018.

How long should data be retained as per GDPR guidelines?

As per the General Data Protection Regulation (GDPR), any personal data must not be kept any longer than it is necessary for the purpose for which the personal data is processed. This further means there is a time limit on how long customers’ data can be kept intact. Though there is no specified time limit.

What is data protection law in India?

Under the upcoming data protection law, data fiduciaries and processors are required to implement security safeguards that use de-identification, encryption, steps to protection personal data integrity and to prevent misuse, unauthorized access, modification, disclosure or destruction of personal data.

What are the rules and regulations in India for data collection?

The PDP Bill proposes that the processing of personal data must comply with seven principles for processing, namely: (i) processing of personal data has to be fair and reasonable; (ii) it should be for a specific purpose; (iii) only personal data necessary for the purpose should be collected; (iv) it should be lawful; …

Which act in India focus on data protection and data privacy?

Overview. In the absence of specific legislation for data protection in India, the Information Technology Act 2000 (the IT Act) and a collection of other statutes stand in for this purpose. The Court specified that this right includes, inter alia, the right to informational privacy.

What is GDPR equivalent in India?

Comparison: Indian Personal Data Protection Bill 2019 vs. GDPR. This chart provides a high-level comparison between the European Union’s General Data Protection Regulation (“GDPR”) and India’s Personal Data Protection Bill 2019 (“PDPB 2019”).

What is the maximum length of time you can hold data for?

You can keep personal data indefinitely if you are holding it only for: archiving purposes in the public interest; scientific or historical research purposes; or. statistical purposes.

What is the data privacy law?

10173, otherwise known as the Data Privacy Act is a law that seeks to protect all forms of information, be it private, personal, or sensitive. It is meant to cover both natural and juridical persons involved in the processing of personal information.

Who is responsible for data privacy in India?

Under section 69-A of the IT Act read with the Information Technology (Procedure & Safeguards for Blocking for Access of Information by Public) Rules 2009, either the Central Government, through its designated officers, or competent courts, through orders, may direct any agency of Government or any intermediary to …

What is data privacy regulations?

Data privacy laws specify how data should be collected, stored, and shared with third parties. The most widely discussed data privacy laws include: GDPR: The European Union’s General Data Protection Regulation (GDPR) is the most comprehensive data privacy law in effect.

What are the Information Technology Rules 2011?

The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 only apply to bodies corporate and persons located in India.

When did the 2011 rules on data privacy come into effect?

Pursuant to the mandate given to the Central Government under Section 43A, the 2011 Rules were framed and for the first time, with effect from March 28, 2012 2, India had a legal regime for data privacy. Do the 2011 Rules apply to all Types of Personal Data or only to Sensitive Personal Data?

What is personal data under the SPDI rules?

Personal data: Under the SPDI Rules, ‘personal information’ is any information that relates to a natural person, which either directly or indirectly, in combination with other information available or likely to be available by a body corporate, is capable of identifying such person.

What are the data protection requirements in India?

In general, Indian data protection requirements are located in multiple diverse sources, including: Unified Licence Agreements issued pursuant to the National Telecom Policy, 2012 by the Department of Telecommunications (‘DOT’). Most companies, regardless of sector, are most keenly impacted by the IT Act and the SPDI Rules.