Explained: How India’s Data Protection Bill Stacks Up To EU Regulations
the JCP Recommendations on the Personal Data Protection Bill are in some ways very similar to global standards such as the European Union General Data Protection Regulation, but differ on aspects such as prison sentences. Looked:
The similarities between the EU General Data Protection Regulation and the JCP recommendations on the Data Protection Bill:
EU: Users must have informed consent on how their data is processed so that they can subscribe or unsubscribe.
India: Data processing must be carried out in a fair and transparent manner, while ensuring confidentiality
EU: The supervisory authority must be notified of a breach within 72 hours of the leak so that users can take action to protect the information.
India: The Data Protection Authority must be informed within 72 hours; DPA will decide if users need to be informed and what action to take
* Transition period
EU: Two-year transition period for the implementation of GDPR provisions
India: 24 months in total; 9 months for the registration of data trustees, 6 months for the start of the DPA
* Data trustee
EU: The data trustee is any natural or legal person, public authority, agency or body that determines the purpose and means of data processing.
India: Similar suggestions; in addition, NGOs that also process data to be included as trustees
Difference between EU regulation and JCP recommendations:
* Anonymous information
EU: Data protection principles do not apply to anonymous information because it is indistinguishable from one another
India: Non-personal data should fall within the scope of data protection law such as non-personal data
EU: No prison sentences. Fines of up to 20 million euros, or in the case of a company, up to 4% of their total global turnover for the previous financial year
India: A prison sentence of up to 3 years, a fine of Rs 2 lakh or both if anonymized data is re-identified by a person.
Newsletter | Click for the best explanations of the day to your inbox