Author: khelender
The Justice B. N. Srikrishna committee submitted a draft Personal Data Protection bill to Parliament on 27-July-2018.
This overview highlights the bill from the perspective of users (data principals) and organizations (data fiduciaries).
Entities involved
- Data Principal (user)
- Data Fiduciary (service provider/organization)
- Data Protection Authority
- Adjudicating Officer
User rights
- Ask whether data is captured and what it contains
- Correct or dispute data
- Request deletion in select cases
- Request portable data
- File complaints with the DPA
Provider obligations
- Provide clear notice and consent mechanisms
- Ensure data quality and retention controls
- Maintain accountability across the data lifecycle
- Run audits and privacy impact assessments
- Appoint a DPO where required
Breach, offences, and penalties
The act includes strict penalties for non-compliance and breaches, including financial penalties and legal consequences.