Data Protection Practice

Data Protection Law FirmIt is a legal requirement to maintain and protect data that is in possession of Data Controller. These legal requirements include need for personal data to be processed fairly and lawfully, to be accurate and up-to-date, to have measures in place against any kind of loss or destruction of data and for personal data to be transferred to countries only which offer adequate levels of data protection and have the requisite systems in place.

Followed by Supreme Court in the case of Justice K. S. Puttaswamy (Retd.) & Anr. v. Union of India & Ors. (W.P. (Civil) No. 494 of 2012, which declared ‘Right to Privacy’ as a fundamental right and raised concerns over misuse of data, the Government of India introduced Data Protection Bill, 2019 before the Parliament, which is likely to get President’s assent and be implemented. The bill has succeeded in explaining various duties of data controller and have termed their relation with data principle as ‘fiduciary’. Data fiduciaries are those who determines the purpose and means of processing of personal data, whereas the data processors are the ones who processes personal data on behalf of a data fiduciary.

The bill has elaborately defined the following obligations of data fiduciaries:

  • Personal information must be lawfully processed.
  • Personal information must only be processed for absolutely essential and limited purposes.
  • Information regarding any data processing must essentially be notified to the Data principle.
  • This Notification must be comprehensible.
  • This Notification should also be in multiple languages, wherever necessary.
  • Personal information must be adequate, relevant.
  • Personal information must not be misleading.
  • Personal information must be up to date.
  • Personal information must not be stored longer than what might be necessary.
  • Personal data processing should be in compliance with the statute.

Anyone found in violation of the rules laid down, shall be liable for civil penalty (monetary penalty), which may extend up to Rupees 15 Cr or 4% of the total turnover of the Data fiduciary in the previous financial year. The Violators, who knowingly, intentionally, or recklessly obtain, disclose, transfer or sell Personal Data (or SPD) shall also be liable for imprisonment ranging from 3 to 5 years.

Khurana & Khurana extends its services to advise and for consultations on Data Protection Issues. Exemplary services that are offered by Khurana & Khurana in this domain include but are not limited to:

  • Structuring Data Protection Policy.
  • Advising Data Controllers, Data Processors, and Intermediaries on various data processing and management aspects including their obligations and liabilities.
  • Advising clients in relation to obtaining insurance policies and risk management mechanism.
  • Advising clients on strategies in order mitigate losses in cases of data breach.
  • Identifying nature of data breach.
  • Advising clients on transfer of data internationally.
  • Advising clients on GDPR Compliances and drafting associated documentation including reviewing/auditing IT systems to ensure compliances.

Click here for downloading an exemplary presentation on Legal and Moral Debates Around AI.

For more information on Data Protection Bill, 2018: Click Here