Advisories on Data Protection

It is a legal requirement to maintain and protect data which is in possession of data controller. These legal requirements include need for personal data to be processed fairly and lawfully, to be accurate and up-to-date, to have measures in place against any kind of loss or destruction and for personal data only to be transferred to countries with adequate levels of data protection in place.
Followed by the Supreme Court in the case of Justice K. S. Puttaswamy (Retd.) & Anr. v. Union of India & Ors. (W.P. (Civil) No. 494 of 2012, which declared ‘Right to Privacy’ as a fundamental right and raised concerns over misuse of data, the Government of India introduced Data Protection Bill, 2018 before the Parliament, which is likely to get President’s assent and be implemented. The bill has succeeded in explaining various duties of data controller and have termed their relation with data principle as ‘fiduciary’. Data fiduciaries are those who determines the purpose and means of processing of personal data, whereas the data processors are the ones who processes personal data on behalf of a data fiduciary.

The bill has elaborately defined the following obligations of data fiduciaries:

  • Personal information must be fairly and lawfully processed.
  • Personal information must be processed for limited purposes.
  • Information regarding data processing must be notified to Data principle.
  • Such Notification must be easily comprehensible and in multiple languages where necessary.
  • Personal information must be adequate, relevant and not misleading.
  • Personal information must be accurate and up to date.
  • Personal information data must not be kept longer than is necessary.
  • Personal information data can be transferred to other countries only when authorized by the state.
  • Personal data processing should be in compliance with the Bill.

Anyone, violating the rules laid down in the Bill, 2018 shall be liable for civil penalty (monetary penalty), which may extend to Rupees 15 Cr or 4% of the Worldwide turnover of the Data fiduciary in its preceding financial year, whichever is higher. The Violators, who knowingly, intentionally, or recklessly obtain, disclose, transfer or sell Personal Data (or SPD) shall also be liable for imprisonment ranging from 3 to 5 years.

Khurana & Khurana extends its services to advise and for consultations on the Data Protection Issues. Few of the advisories that are offered by Khurana & Khurana are:

  • Advisories on structuring Data Protection Policy.
  • Advisories to the Data Controller for data processing.
  • Advisories on obtainment of insurance policies and risk management mechanism.
  • Advisories on strategies to mitigate loss due to data breach.
  • Advisories and identification of the nature of data breach.
  • Advisories on transfer of personal data to other countries.

Click here for downloading the presentation on Legal and Moral Debates Around AI.

For more information on Data Protection Bill, 2018: Click Here