An update on the data protection law
December brought in some good news as a hopeful end to 2019. With the whole security scenario getting more complicated by the day, the developments surrounding the Data Protection Law gave those of us involved in cybersecurity some much-needed morale boost. The Personal Data Protection Bill got the Union cabinet’s approval in early December and was tabled in a cabinet parliament session, which concluded on December 13. It was in July 2018 that the committee, led by Justice BN Srikrishna, submitted its draft bill to the Ministry of Electronics and Information Technology (MEITY).
1.1 What does the Bill entail?
The Personal Data Protection Bill, 2019 is focal due to the pressing need to refine data protection and data privacy. The domains of DPL spans across online platforms, apps, social media and web services (including those provided by the government).
Before the Bill came into the picture, there were no stringent data laws regarding data collection policies and safeguarding of personal data. No penalties were issuable in case data got misued by a data collection entity.
“With there being constant news about how user data has been compromised / misused by people with malicious intent, there is an increasing need to have proper guidelines in place to secure confidential data. We welcome the initiative by the Government of India to table the data protection bill in the current session of parliament. The bill is expected to spell out a framework, which would include the processing of personal and private data by public and private entities.”
-Bhavin Turakhia, Founder & CEO, Flock, a communication platform for collaborative project management and more.
1.2 What does it mean for the common public?
For individual users, the Data Protection Law means that all data collection by the above-mentioned platforms must be carried out only after clear consent. Data will be categorized into general, sensitive, or critical. Collected data will be safeguarded against misuse and heavy penalties instituted if a user’s data is used without consent.
Reports suggest any company or entity found in violation of the DPL could be penalized for as much as Rs 15 crore, or 4 percent of their global turnover. Moreover, a data breach will cost the organization a staggering Rs 5 crore of 2 percent of the global turnover.
“We welcome the Cabinet’s decision to pass the bill on personal data protection. This bill will help India and its citizens to fight threats and safeguard our country’s data integrity, sovereignty and security.”
-Ramesh Mamgain, Area Vice President India and SAARC Region from Commvault, a data management company
The new law also protects India, geographically. It could very well mandate that data collected from Indians must be stored within India, even if a copy exists anywhere else in the world. This will be particularly important for social media organizations and techies such as Facebook which owns WhatsApp, Google and Twitter. This also covers financial data collection, especially data that falls into the critical category.
Overall, the Personal Data Protection Bill was a step in the right direction. At Logix we took the law in the right spirit, and we feel the institution of stringent laws only serves to drive us harder to provide the best service we can. For us, trust matters. And in that vein, we prioritize maintaining the data integrity of your data above all. We adhere to strict SOC 2 Type II guidelines & are a SOC 2 Type II compliant organization.
Eager to nurture our customers right from the beginning, we’ve invested extensively in developing our infrastructure for providing 24* 7 Support to all our Customers through our Support Operation Centre based in Navi Mumbai & have also achieved ISO 9001 :2015.