Loading ...

Personal Data Protection Bill, 2018: What does it mean for your company

India will have its own data protection law like GDPR in EU, which will safeguard the interest of the citizens and protect their personal data. It will aim to check the data collection, processing, and profiling by private companies as well as government institutions. The draft is officially known as “Personal Data Protection Bill, 2018.” 


The government of India has extended the deadline for public comments on the bill to October 10. Experts can put their comments and views over the draft. The Personal Data Protection Bill, 2018 was uploaded on the Ministry of Electronics & IT’s website on August 16th.


This is considered as the toughest law in the country over the data protection. Some of the important clauses of the bill are setting up a regulatory board to monitor the laws over the data protection, making provision to follow data processing by the companies in India only and a heavy penalty for data violators. 


The Srikrishna Committee headed by BN Srikrishna, retired Supreme Court Judge, has submitted its recommendation to the ministry recently. After enactment of the Bill, it will have a huge impact on sectors including tech industries.


India has been developing rapidly in the global digital market with more than 500 million internet users and hefty online users in e-commerce domain. Internet penetration has been growing fast for the last five years.


Assurance on Data Protection from Industry Bodies


Technology majors like Data Security Council of India (DSCI) and NASSCOM are advocating for a stringent data protection law to safeguard the citizens and to stop any misuse of the personal data of the people. Security and data privacy are the major challenges for the online users.  In order to help the companies, DSCI has come up with a Privacy Assurance Framework. Other industry bodies have been gearing up for the implementation of the legislation in the interest of the users as well as of the companies.


The growth of the digital economy is crucial for the all-round development. Companies, industry bodies and agencies need to work to spread awareness over data privacy and security measures in the digital environment.


Acceptance of Data Protection Bill by Indian Companies  


Indian companies including tech and finance industries welcome the data protection bill. Supreme Court declares “Privacy is the constitutional core of human dignity" in its historic judgment over privacy. Companies are not keen to take security measures to guard their consumers’ data. Indian tech industry is putting efforts to implement best practices in data security. Some of the banks and insurance companies have been implementing blockchain infrastructure to safeguard their customers’ data.


Demand for Skilled Privacy Professionals and Specialists


 There is a huge demand for data professionals in the tech industry as the companies are seriously aiming to secure the data of customers. After the enactment of the bill, the demand for these skills will increase rapidly. As per the bill, the companies need to pay a hefty amount of penalties for violation or data breach.  


Some of the important Definitions in Personal Data Protection Bill, 2018


Data” means and includes a representation of information, facts, concepts, opinions, or instructions in a manner suitable for communication, interpretation, or processing by humans or by automated means;

Data fiduciary” means any person, including the State, a company, any juristic entity or any individual who alone or in conjunction with others determines the purpose and means of processing of personal data;

Data principal” means the natural person to whom the personal data referred to in subclause (28) relates;

Personal data” means data about or relating to a natural person who is directly or indirectly identifiable, having regard to any characteristic, trait, attribute or any other feature of the identity of such natural person, or any combination of such features, or any combination of such features with any other information;

Personal data breach” means any unauthorized or accidental disclosure, acquisition, sharing, use, alteration, destruction, loss of access to, of personal data that compromises the confidentiality, integrity or availability of personal data to a data principal;

Profiling” means any form of processing of personal data that analyses or predicts aspects concerning the behavior, attributes or interest of a data principal;


The act is in the interest of the users in regard to their personal data. It will also check the misuse or manipulation of the data for wrong reasons by some companies. The online users will be getting more privilege over their data and once the law is enacted, they can ask the concerned companies for ‘data forget’ or ‘erase data.’