Appropriate risk governance in the fields of digital data privacy and security in the business world requires not only an understanding of applicable laws and regulations, but also at least a reasonable awareness of modern techniques and of the activities of the organization, or other organizations, that are accumulating or using private information or controlling behaviour. The Data Protection Act (DPA) regulates the gathering and use of private information. ‘Personal data’ refers to information that may be used to identify any living individual or that, when combined with other information stored by you, can be used to identify any person.
The term ‘processing’ of personal data refers to the act of acquiring, collecting, or storing information. Because you will be managing the private information of your workforce, suppliers, and/or customers as a company, it is probable that your actions will fall under the purview of the DPA. If you are a ‘data controller’ under the Act and fail to tell the Information Commissioner about your organization, your directors may face criminal prosecution. A system administrator is an individual or organization that determines why personal data is handled. Private data must be protected under the DPA.
Personal information according to the DPA must be:
- fairly and legally processed;
- processed for reasons;
- adequate, meaningful, and not unnecessary;
- accurate and, where required, updated regularly;
- not kept for longer than needed;
- processed in accordance with the person’s freedom;
- kept safe; and
- not transferred to countries outside the EEA unless the information is adequately protected.
Failure to comply can lead to an enforcement letter prohibiting your company from analysing information, thus shutting down numerous firms, and severe fines may also be imposed. Furthermore, a company’s officials, managers, and directors could be held personally criminally accountable for the violation. Laws governing information privacy, data privacy, or data protection establish a legal framework for obtaining, using, and storing personal data.
The different laws throughout the globe define natural individuals’ rights to regulate who uses their information. This often involves the right to obtain information about which information is held, for what purpose, and to seek deletion if the objective is no longer specified.
Personal Data Protection Bill (PDP)
The PDP Bill (Personal Data Protection Bill) was proposed and passed in India to protect the current data protection system of India, which is currently governed under the Information Technology Act 2000. The Personal Data Protection Bill provides rules for notice and previous approval for the use of personal information, constraints on the reasons for which organizations can handle data, and limitations to guarantee that only information needed to provide a service to the person concerned is gathered.
It also contains criteria for data localization and the designation of data protection administrators inside enterprises. This precise data protection regulation has not yet been established in India. The Indian legislature did, nevertheless, alter the Information Technology Act (2000) to add Sections 43A and 72A, which provide for reimbursement for wrongful personal data.
Rules governing the acquisition and sharing of private information
Under Article 43A of the IT Act, the Indian federal government later enacted the Information Technology Rules. The Regulations place extra duties on corporate and commercial enterprises in India for the acquisition and disclosure of sensitive private and confidential information, which are comparable to the GDPR and the Data Protection Regulations. Organizations in regulated industries, such as financial services and telecommunications, are subject to confidentiality obligations under sectoral laws that force them to keep customers’ data private and use it only for recommended purposes or in the way agreed upon with the customer.
PDP will be introduced in stages. The Indian government and a Joint Parliamentary Council have submitted the original PDP Bill on data protection, which would be India’s first legislation on the protection of personal information and will therefore abolish Section 43A of the IT Act. Nevertheless, even after approval, the law is likely to be adopted in stages. There is currently no available information concerning the deployment timeframe.
Furthermore, India lacks a national regulatory authority for personal data protection. The Ministry of Electronics and Information Technology is responsible for overseeing the IT Act and making regulations and other adjustments under the IT Act. The Personal Data Protection Bill proposes the establishment of a Data Protection Authority of India, which would be accountable for safeguarding data principals’ rights, prohibiting the exploitation of personal information, and enforcing compliance with the new legislation.
WhatsApp clashes with the Indian government Regarding Privacy Rules
Recently WhatsApp filed a suit in Delhi against the Indian Government to block the rules which may be coming into force. Experts suggested that the rules would compel Facebook’s messaging application to break privacy and protection. The appeal asks the Delhi High Court to determine that one of the new IT rules violates the right to privacy under India’s constitution by requiring social media websites to identify the “original source of data” when officials request it. WhatsApp claims that since conversations are secured end-to-end, it would have to decrypt messages for both message recipients and senders in order to keep up with the changes in the new legislation.
When asked to elaborate on the court case, WhatsApp said in a statement, “Mandating text messaging applications to detect chats is the equivalent of having others to maintain an information of every particular message sent through WhatsApp, which might dissolve end-to-end encryption and profoundly diminish anyone’s privacy rights.” The court determined that privacy should be protected unless legality, need, and proportionality all counted against this. WhatsApp says that the new legislation breaches all those requirements, beginning with a lack of clear legislative support.
Data Protection Act and its Impact on Small Businesses
The Data Protection Act of 1998 safeguards personal data held by corporations and governments by setting restrictions on the transmission of such data and information. The Legislation contains various provisions that should be followed while acquiring and providing data. These guidelines, or Data Protection Policies, are issued by the Information Committees Office, which is responsible for determining how businesses utilize personal information and whether they are accountable enough while collecting and distributing such data. Every day, many enterprises, especially huge ones, manage massive amounts of data. Therefore, they must devise methods for auditing enormous amounts of redundant or outmoded data. Previous information is already out of date and prone to mistakes such as transmitting incorrect information.
Records holding past data are harder to verify than those carrying recent data. It is difficult to uncover private information among a slew of worthless data. Given all these factors, it becomes critical for businesses, whether big or small, to maintain and update data on a regular basis and discard older data that might create errors in sharing information, as well as to safeguard confidential material from ending up in the hands of a rival.
Data protection regulations have become more important not only in our country but also throughout the globe. Because more and more technologies are used in their daily lives, users’ security must be safeguarded, because they are surrendering it with each usage. Nowadays, practically every element of our interaction and privacy is controlled by a third person. The dimensions of the current virtual era are such that practically every single transaction that persons engage in includes some type of information transmission or another.
This might also raise concerns about the “data protection expectations” which have been established as a significant foundation in the scope of Data Protection Legislation. While the information may be put to good use, the uncontrolled and random use of data worldwide has generated concerns among people about their security and liberty. In addition, the Apex Court issued a historic decision on the subject, which resulted in the implementation of the right to privacy and freedom of expression as a fundamental right.
Written by- Anushka Satwani