Compliance with the Personal Data Protection Bill regarding the processing of personal data of Indian citizens.
Over the last few years, businesses have increasingly become data-driven, leading companies to store greater amounts of personal data. This has made companies extremely attractive targets for cyber-criminals looking for the personal data of citizens. As we can see from recent data breaches like the Justdial breach and the Truecaller breach, to name just a few, the scale and complexity of the attacks have been growing exponentially and the diversity of the companies that have been targeted is increasing.
The Government of India has woken up to this reality and has started taking steps to protect its citizens, and by extension the data of its citizens, by creating rules and regulations for companies to follow if they are to process the personal information of its citizens.
The Indian government has drafted a set of regulations called the Personal Data Protection (PDP) Bill, which will be tabled in the Parliament in the near future. The aim of this Bill is to protect the rights of Indian citizens vis-à-vis their personal data. This Bill places on your company a responsibility to process and store data in a manner that is compliant with this Bill.
All companies where a high amount of personal data is stored and processed will have to take adequate technical measures to comply with this Bill and protect the personal data under their control. If your company processes sensitive personal data like healthcare data, biometric data or financial data, then the responsibility placed on your company to secure this data is higher. If your organization stores the data of minors, then efforts will have to be made to obtain the consent of the guardian before processing the data.
If your company fails to take steps to protect the personal data entrusted to it, the penalties are steep: 2% of the company’s global turnover or Rs. 5 crores for failure to follow proper procedures laid down in the Bill for performing a Data Protection Impact Analysis, conducting annual data audits or any other similar procedure, and 4% of the company’s global turnover or Rs. 15 crores for processing personal data or sensitive personal data in a manner that is in violation of the Bill.
Matrix3D will work along with your team to create policies and procedures that help you demonstrate your compliance posture to the regulatory body.
We help your team create forms so that data protection processes become more visible, traceable and record-oriented.
We will help you conduct the following services for your organization:
- Conduct a Data Protection Impact Analysis (DPIA) before you begin processing personal data, to understand the risks and take steps to mitigate them
- Perform Annual Data Audits in the form and procedure as mandated by the Data Protection Authority of India
These services will help you demonstrate to the regulatory body that you are intent on being compliant with its requirements and are serious about safeguarding the personal data entrusted to you.