Here’s How Much Companies Have To Pay For Violating India’s Data Protection Law

Here’s How Much Companies Have To Pay For Violating India’s Data Protection Law

SUMMARY

The bill has set up checks and balances for companies to ensure compliance

Companies are required to conduct data audits and undertake data protection impact assessment among other things

Bill permits companies to transfer personal data outside India with explicit user consent

The revised version of the personal data protection bill has proposed various penalties for companies contravening the bill’s guidelines. The highest penalty proposed is of INR 15 Cr or 4% of company’s global turnover in the last financial year, depending on whichever amount is higher, for violating the bill’s provisions for personal data processing and transfer. 

The PDP bill has asked companies to take explicit user consent before processing or transferring sensitive personal user data outside India. 

The bill defines sensitive personal user data as financial data, health data, biometric data, sexual orientation, transgender status, genetic data, caste or tribe, religious or political belief and more. 

Another layer of penalty is proposed for companies failing to take appropriate action in response to a data breach, failing to undertake data protection impact assessment, conduct data audit and not appointing data protection officer. In these cases, a penalty of INR 5 Cr or 2% of the company’s global turnover in the previous fiscal year. 

It remains to be seen whether the parliamentary committee, that is likely to debate on the points of the bill before it is passed, makes any changes in these stipulated penalties. 

To put it in perspective, tech giants such as Facebook and Google earn billions in turnover every year.  For the fiscal year 2018 ending December 31, 2018, Google posted revenue of $136.8 billion. At that rate, it would have to pay at least $2.7 Bn in fine for violating the law about data breach response. 

Government On Data Privacy Regulations

The Supreme Court of India had made right to privacy a fundamental right in the landmark KS Puttaswamy Vs Union of India judgement of 2018. This judgement was followed by a lot of debate about ownership and protection of citizen data. 

India’s commerce minister Piyush Goyal opined that countries must have sovereign right to use citizens’ data including personal, community, and public data, for the welfare of people. The minister was speaking at the G20 Trade Ministers’ held in June 2019. 

IT Minister Ravi Shankar Prasad also said earlier that the government will not let the country’s data sovereignty to be compromised. He also pointed out that there should be a balance between data availability, utility, innovation and data privacy.

The first draft of personal data protection bill was published in 2018, after the submission of Justice Srikrishna committee report. Later in August 2019, Justice Srikrishna said at a right to privacy event, “A data protection bill is the need of the hour. We have to go beyond the stated intent of data collection to understand the motives and eventual uses to which it can be put.”

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
UNLOCK 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

Here’s How Much Companies Have To Pay For Violating India’s Data Protection Law-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

Here’s How Much Companies Have To Pay For Violating India’s Data Protection Law-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

Here’s How Much Companies Have To Pay For Violating India’s Data Protection Law-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

Here’s How Much Companies Have To Pay For Violating India’s Data Protection Law-Inc42 Media
Here’s How Much Companies Have To Pay For Violating India’s Data Protection Law-Inc42 Media
You’re in Good company