The Digital Personal Data Protection Act, 2023
Dinesh Prasad
Adv. 8285309526
Yoursupport.in
Dinesh Prasad, Advocate- 8285309526
Key features of the Bill:
• The Bill seeks to provide for the protection of personal data and the
privacy of individuals.
• Applicability: The Bill applies to the processing of digital personal
data within India where such data is:
(i) collected online, or
(ii) collected offline and is digitised.
• It will also apply to the processing of personal data outside India if it
is for offering goods or services in India.
Consent:
• Personal data may be processed only for a lawful purpose after obtaining the consent
of the individual.
• A notice must be given before seeking consent.
• The notice should contain details about the personal data to be collected and the
purpose of processing.
• Consent may be withdrawn at any point in time.
• Consent will not be required for ‘legitimate uses’ including:
(i) specified purpose for which data has been provided by an individual voluntarily,
(ii) provision of benefit or service by the government,
(iii) medical emergency, and
(iv) employment.
• For individuals below 18 years of age, consent will be provided by the parent or the
legal guardian.
Rights and duties of data principal:
• An individual whose data is being processed (data principal) will
have the right to:
(i) obtain information about processing,
(ii) seek correction and erasure of personal data,
(iii) nominate another person to exercise rights in the event of death or
incapacity, and
(iv) grievance redressal.
• Data principals will have certain duties. They must not: (i) register a
false or frivolous complaint, and (ii) furnish any false particulars or
impersonate another person in specified cases. Violation of duties will
be punishable with a penalty of up to Rs 10,000.
Obligations of data fiduciaries:
• The entity determining the purpose and means of processing (data
fiduciary) must:
(i) make reasonable efforts to ensure the accuracy and completeness
of data,
(ii) build reasonable security safeguards to prevent a data breach,
(iii) inform the Data Protection Board of India and affected persons in
the event of a breach, and
(iv) erase personal data as soon as the purpose has been met and
retention is not necessary for legal purposes (storage limitation).
Significant data fiduciaries:
• Certain data fiduciaries may be designated as significant data fiduciaries.
• Certain factors must be taken into account, such as:
(i) volume and sensitivity of personal data processed,
(ii) risks to the rights of data principals,
(iii) security of the state, and
(iv) public order.
• These entities will have certain additional obligations including:
(i) appointing a data protection officer, and
(ii) undertaking impact assessment and compliance audit.
Exemptions:
• Rights of the data principal and obligations of data fiduciaries (except
data security) will not apply in specified cases.
• These include:
(i) prevention and investigation of offences, and
(ii) enforcement of legal rights or claims.
Cross-border transfer:
• The Bill allows the transfer of personal data outside India, except to
countries restricted by the government through notification.
Processing of personal data of children:
• While processing the personal data of a child, the data fiduciary must
not undertake:
(i) processing that is likely to cause any detrimental effect on the
wellbeing of the child, and
(ii) tracking, behavioural monitoring, or targeted advertising.
Data Protection Board of India:
• The central government will establish the Data Protection Board of
India.
• Key functions of the Board include:
(i) monitoring compliance and imposing penalties,
(ii) directing data fiduciaries to take necessary measures in the event
of a data breach, and
(iii) hearing grievances made by affected persons.
• Board members will be appointed for two years and will be eligible
for re-appointment.
Penalties:
• The schedule to the Bill specifies penalties for various offences such
as up to:
(i) Rs 200 crore for non-fulfilment of obligations for children, and
(ii) Rs 250 crore for failure to take security measures to prevent data
breaches.


Editor's Notes

  • #3 S.2 (13) “personal data” means any data about an individual who is identifiable by or in relation to such data; S. 2(16) “processing” in relation to personal data means an automated operation or set of operations performed on digital personal data, and may include operations such as collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, use, alignment or combination, indexing, sharing, disclosure by transmission, dissemination or otherwise making available, restriction, erasure or destruction;
  • #4 S. 7 Consent
  • #5 Chapter 3: RIGHTS & DUTIES OF DATA PRINCIPAL
  • #6 In case of government entities, storage limitation and the right of the data principal to erasure will not apply. CHAPTER 2: OBLIGATIONS OF DATA FIDUCIARY S. 2(5) “Data Fiduciary” means any person who alone or in conjunction with other persons determines the purpose and means of processing of personal data;
  • #8 S. 18. Exemptions.
  • #10 S. 10 Additional obligations in relation to processing of personal data of children
  • #11 S. 19 Data Protection Board of India
  • #12 S. 25. Financial Penalty read with Schedule 1 of the Act.