On 24th August 2017, A 9 Judge Bench of the Supreme Court delivered a unanimous verdict in Justice K.S. Puttaswamy vs. Union of India (WRITE PETITION (CIVIL) NO. 494 OF 2012) and other connected matters, affirming that the Constitution of India guarantees to each individual a fundamental right to privacy. Although unanimous, the verdict saw 6 separate concurring decisions. Justice Chandrachud authored the decision speaking for himself, Justices Khehar and R.K. Agarwal and Abdul Nazeer. The remaining 5 judges each wrote individual concurring judgments.

This led to the constitution of an expert committee led by Justice (Rtd.) SriKrishna to frame an appropriate data protection and privacy law for India. The Bill based on this committee is before the Parliament and is being examined by a parliament committee on reference by Parliament. (The Personal Data Protection Bill, 2019). Penalties upto 4% of global turnover are prescribed for data privacy breach in The Personal Data Protection Bill, 2019.

Apart from this Sensitive Personal Data protection is also mandated by IT Act, 2000 and organizations negligent in protecting data privacy can be liable to compensation upto 5 crores for each individual’s data breach and also for jail term upto 3 years for its Key Managerial Personnel(KMPs).

The penalties and compensation can be mitigated by following reasonable security practices and being compliant to a standard data protection and cyber security regimen.

Talk to us for making you compliant with Data Protection and Privacy Regimen in India.

  • Stakeholder awareness
  • Data inventories
  • Registering processing operations
  • Carrying out a Data Protection Impact Assessment
  • Readiness assessment
  • Updating security policy
  • Updating privacy policy
  • Data breach protocol