Any entity, including the state, a company or an individual may be penalised up to Rs 15 crore or 4 per cent of their turnover for violating norms proposed under the draft Personal Data Protection bill.
The bill, submitted by the Justice Srikrishna Committee to the Information and Technology ministry, has proposed a jail term of up to three years for individuals found violating data protection rules under the bill in works.
"Where a data fiduciary contravenes any of the following provisions, it shall be liable to a penalty which may extend up to fifteen crore rupees or four per cent of its total worldwide turnover of the preceding financial year," according to the draft bill.
The bill has included all entities including the state, a company, any juristic entity or any individual that are involved processing of personal data.
The data protection framework in works mandates data fiduciaries to report data breach, get their data audited, take requisite permission before processing data, appoint data protection officer who will check various kind of compliances etc.
The bill has proposed imprisonment of up to three years or Rs 2 lakh or both if a person who obtains personal data, discloses, transfers or sells it ,which harms to the affected person.
In case of sensitive data, the violator can be punished with jail term of up to five years or Rs 3 lakh fine or both.
The bill proposes up to three-year jail or Rs 2 lakh fine or both if a person is found have knowingly or intentionally or recklessly re-identified personal data which has been de-identified by a data fiduciary or a data processor or without their consent.
Under the new framework, a violator can be penalised up to Rs 1 crore for significant breach and up to Rs 25 lakh penalty in all other cases where no separate penalty has been provided.
The bill has proposed creation of Data Protection Authority which will have powers to investigate contravention to the framework in work. The authorised officer will have power to search any premise, books, documents, records where data is kept and seize any computer, device, records required for investigation or evidence.
Disclaimer: No Business Standard Journalist was involved in creation of this content
You’ve reached your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →
Smart Quarterly
₹900
3 Months
₹300/Month
Smart Essential
₹2,700
1 Year
₹225/Month
Super Saver
₹3,900
2 Years
₹162/Month
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app