In July this year, the Justice BN Srikrishna committee projected India’s Personal Data Protection Bill, 2018 to the Centre. With an aim to form a comprehensive framework for data protection suggesting corporations to adopt certain practices to gather, process and store consumers’ information.
The 2018 Personal Data Protection Bill draft that corresponds the EU’s General Data Protection Regulation (GDPR) and comes with the ambiguities. It has its own pain points, a PricewaterhouseCoopers (PwC) and also the Associated Chambers of Commerce and industry of India’s (Assocham) collaborative finding aforesaid.
The draft recommends that each data fiduciary shall make sure the storage, on a server or data center located in India of at least one serving copy of the personal information. This Act applies which means that corporations would be needed to create servers locally. As the move to permit data fiduciaries to save a local copy of all personal information that’s stored outside the boundaries of India might have some negative consequences.
Following the Supreme Court’s recognition of the ‘right to privacy’ as a basic right under the Constitution of India in August 2017. The draft Bill guidelines have attracted a lot of attention within the country. Therefore, the study conjointly found out that the system integrity is also threatened when purging the information.
The exclusion of anonymized information can significantly bring down the obligations on entities each within the private and public sector. As it is recommended that so as to forestall damage to specific teams of people, the limitation of the process and publishing an analysis of anonymized information ought to be evolved.
Data destruction might compromise system integrity in several legacy and CRM systems as these aren’t built to permit data destruction or anonymization. In order to avoid important business ramifications because of data breaches, organizations got to define a well-defined testing mechanism to assess readiness to address any eventualities. The organization can get to limit the collection and reuse of information in line with the consent obtained from the information subjects.
Therefore, the report recommended that the bill ought to propose a layered approach for levying penalties for non-compliance on organizations.