Data Privacy for individuals has become a primary concern for business, legal and human rights organizations. IT became especially important in India, where your personal data could have been bought and sold for pennies.
Companies have been known to continually flout rules and ignore the privacy of the people. Even today, India lacks any formal data protection regime that can protect people against gross violations of their privacy in today’s networked world.
India is finally moving towards having its own data protection law after the Srikrishna Committee submitted its initial assessment and recommendations in a report on data privacy and management in 2018. This was accompanied by a draft of the legislation on data protection titled Personal Data Protection Bill, 2018.
- The right to have personal data minimized.
- The right to have knowledge as to where the data is being stored.
- The right to have access to the data, to correct it.
- The right to be forgotten wherein the data subject has the right to ask the company to delete their personal data permanently.
The Bill, when implemented, will require the enterprises to review their current systems and policies and invest in upgraded IT design and infrastructure to comply with the requirements of the Bill.
Additionally, for greater accountability, companies processing large data volumes might have to register themselves as significant data fiduciaries to the Data Protection Authority–a key recommendation made by the Srikrishna Committee. It may increase compliance costs in terms of rewiring systems, periodic company audits and hiring data protection specialists among others. However, this law can be a godsend for the Indian technology industry, opening billion-dollar local business opportunities.