Personal Data Protection Bill 2018
By now, most people know that information you wish to keep private should not be posted on social media platforms such as LinkedIn, Facebook, Twitter, Instagram, WhatsApp, and Telegram. Personal data can be used for many purposes, good or bad. More important still is the near-term reality of personal data being used for AI and blockchain, and in fields such as financial services, insurance services, and securities markets. Therefore, to protect the general public from improper use of its data, the Government of India has introduced the Personal Data Protection Bill, 2018 (the ‘Bill’).
The person to whom data relates is a ‘Data Principal.’ The person who determines the purpose and means of processing personal data (‘Data Fiduciary’) and the person who performs job work for him (‘Data Processor’) are under certain obligations. The Bill casts an obligation upon the registered Data Fiduciary and Data Processor to:
- Take prompt and appropriate action in response to a data security breach;
- Undertake a data protection impact assessment;
- Conduct a data audit;
- Appoint a data protection officer in accordance with the terms of the Bill;
- Comply with the obligations relating to fair and reasonable processing, processing only for a clear, specific and lawful purpose, issuance of notice, data quality, storage limitations, and accountability;
- Process personal data with consent that is fair, specific, precise and capable of being withdrawn;
- Process sensitive personal data with explicit consent;
- Comply with the conditions for cross-border transfer of personal data;
- Comply with the regulation concerning de-identification and encryption, protect the integrity of personal data, and prevent misuse, unauthorized access, modification, disclosure or destruction of personal data;
- Comply with the requests of the Data Principal;
- Ensure that it is ready to issue a consent notice to the Data Principal and the consent is free, informed, specific, clear and capable of being withdrawn;
- Ensure that the data is used for the specified purpose;
- Ensure that the data processed is complete, accurate, not misleading and updated;
- Ensure that the purpose to process the data is aligned with the provisions of the Bill;
- Ensure that the Data Principal could freely exercise certain rights such as Right to Confirmation and Access, Right to Correction, Right to Data Portability, and Right to be forgotten.
- Ensure that privacy is maintained by design to anticipate, identify and avoid harm to the Data Principal;
- Ensure transparency regarding its general practices related to processing personal data and that such information is easily accessible;
- Ensure that it uses security safeguards such as de-identification and encryption, protects the integrity of personal data, and prevents misuse of, unauthorized access to, modification, disclosure or destruction of personal data;
- Review its Data Privacy and Confidentiality Policy.