India: Personal Data Protection Bill

« Back to Glossary Index

India has a comprehensive data protection framework called the Personal Data Protection Bill (PDPB) that was introduced in 2019. The bill is based on the European Union’s General Data Protection Regulation (GDPR) and is designed to protect the personal data of Indian citizens.

The PDPB applies to both Indian and foreign entities that process personal data within India. It regulates the collection, processing, and storage of personal data and imposes strict penalties on non-compliance.

Under the PDPB, individuals have the right to access, correct, and delete their personal data. They also have the right to know how their data is being used and the right to withdraw consent for its processing.

The PDPB also requires data fiduciaries to implement technical and organizational measures to protect personal data from unauthorized access, disclosure, and destruction. Fiduciaries must conduct regular audits and maintain documentation of their data processing activities.

In addition, the PDPB establishes a Data Protection Authority (DPA) that will oversee data protection and enforce the provisions of the bill. The DPA will have the power to investigate and impose penalties for non-compliance.

Overall, the PDPB is an important step towards protecting personal data in India and bringing the country in line with global data protection standards. It will help to build consumer trust and promote the growth of India’s digital economy.

Download this Resource