India Passes New Digital Personal Data Protection Bill (DPDPB)
The Indian President Droupadi Murmu on Friday granted assent to the Digital Personal Data Protection Bill (DPDPB) after it was unanimously passed by both houses of the parliament last week, marking a significant step towards securing people’s information.
“The Bill provides for the processing of digital personal data in a manner that recognizes both the rights of the individuals to protect their personal data and the need to process such personal data for lawful purposes and for matters connected therewith or incidental thereto,” the Indian government said.
The Digital Personal Data Protection (DPDP) bill was passed unanimously in the Rajya Sabha this Wednesday while the lower house passed the bill on Monday
Key Features of the Act:
- Firms dealing with user data must protect personal data even if it is stored with a third-party data processor
- In case of a data breach, companies must inform the Data Protection Board (DPB) and users
- Children’s data and data of physically disabled persons with guardians must be processed after consent from guardians
- Firms must appoint a Data Protection Officer, and provide such details to users
- Appeals against DPB decisions to be heard by the Telecom Disputes Settlement and Appellate Tribunal
- It may summon, examine people under oath, inspect books, and documents of companies working with personal data
- It may advise the government to block access to an intermediary, if DPDP act provisions are breached more than twice
- Penalties can go up to Rs 250 crore for a data breach, failure to protect personal data or inform DPB and users of the breach
