It is a legal requirement to maintain and protect data which is in possession of data controller. These legal requirements include need for personal data to be processed fairly and lawfully, to be accurate and up-to-date, to have measures in place against any kind of loss or destruction and for personal data only to be transferred to countries with adequate levels of data protection in place.
Followed by the Supreme Court in the case of Justice K. S. Puttaswamy (Retd.) & Anr. v. Union of India & Ors. (W.P. (Civil) No. 494 of 2012, which declared ‘Right to Privacy’ as a fundamental right and raised concerns over misuse of data, the Government of India introduced Data Protection Bill, 2018 before the Parliament, which is likely to get President’s assent and be implemented. The bill has succeeded in explaining various duties of data controller and have termed their relation with data principle as ‘fiduciary’. Data fiduciaries are those who determines the purpose and means of processing of personal data, whereas the data processors are the ones who processes personal data on behalf of a data fiduciary.
The bill has elaborately defined the following obligations of data fiduciaries:
Anyone, violating the rules laid down in the Bill, 2018 shall be liable for civil penalty (monetary penalty), which may extend to Rupees 15 Cr or 4% of the Worldwide turnover of the Data fiduciary in its preceding financial year, whichever is higher. The Violators, who knowingly, intentionally, or recklessly obtain, disclose, transfer or sell Personal Data (or SPD) shall also be liable for imprisonment ranging from 3 to 5 years.
Khurana & Khurana extends its services to advise and for consultations on the Data Protection Issues. Few of the advisories that are offered by Khurana & Khurana are:
For more information on Data Protection Bill, 2018: Click Here