3
Please log in or register to do it.

 

The Indian Government has come up with a new Act Digital Personal Data Protection Act, drawing the boundaries of Data privacy in India. This law has garnered public attraction with the relevance in today’s scenario of new age Internet companies collecting personal data of customers without proper government guidelines.

This law states how data should be collected, analysed and stored by companies collecting the data of Indians. This law governs both companies in India or abroad who collect the data of Indian citizens. 

 

What is Personal data, according to the law?

The law does not exactly state the type of data, but here are is the list of data types which are considered to be personal data.

– Name

– Address

– Phone Number, Email

– Location data

– Online identifiers (IP address, cookies)

– Biometric data (fingerprints, facial recognition data)

– Financial information (bank account details, credit card numbers)

– Health information

– Date of birth

– Photographs and video

 

Guidelines for Companies 

The chapter 2 of the Act, defines the following obligations to be met by Companies collecting personal data.

>Purpose Limitation

Data Fiduciaries must process personal data only for specified, clear, and lawful purposes. Any additional purpose requires further consent.

>Data Minimization

Data Fiduciaries should ensure the collection of only necessary data for the intended purpose, avoiding excessive data accumulation.

>Accuracy and Storage Limitation

Fiduciaries must ensure the data’s accuracy and keep it updated. Personal data should not be retained beyond the purpose’s fulfillment unless required by law.

>Security Safeguards

Security measures must prevent unauthorized access and breaches, applying technical safeguards and notifying authorities and individuals of breaches. Erase data when consent is withdrawn or purposes are fulfilled. 

>Record-Keeping 

Companies are accountable for secure data processing, maintaining records of operations and breaches, ensuring data accuracy, and publishing contact information for data queries. 

>Grievance Redressal

Establish prompt grievance mechanisms, address issues within a set timeframe, and require internal redressal before involving the Board. Nominate representatives for rights if incapacitated or deceased.

>Children’s Data Protection

Special measures are required for processing children’s data, including obtaining parental consent and avoiding tracking or behavioral monitoring of children.

>Significant Data Fiduciaries 

Certain Fiduciaries may be classified as Significant Data Fiduciaries based on the volume and sensitivity of data processed, requiring additional compliance measures like appointing a Data Protection Officer and conducting periodic data protection impact assessments   .

 

Rights and Duties of Individual Users 

The rights and duties to be exercised by users according to the Act are as follows, according to chapter 3 of the Act.

>Right to Access Information

Data owners have the right to access a summary of their personal data being processed and information with companies their data has been shared.

>Right to Correction and Erasal 

Principals can request correction, completion, updating, and erasure of their personal data. Fiduciaries must comply unless retention is necessary for legal compliance.

>Grievance Redressal  

Principals have the right to readily available grievance redressal procedures provided by Fiduciaries. Unresolved grievances can be taken to the Data Protection Board.

>Nomination of Representatives  

Principals can nominate individuals to exercise their data protection rights in case of death or incapacity.

>Duties of Data Principal 

Principals must comply with applicable laws, avoid impersonation, and ensure accurate information provision while exercising their rights.

>Responsibility for Misuse 

Principals must not use their rights to harass or cause harm to others and must ensure they do not suppress material information or impersonate others while providing personal data   .

The 7 Working Parts of an Engine: A Comprehensive Guide
Ola Electric Bikes Launch with Sleek Design, Impressive Features