The Indian Express has learned that under the revised version of the Data Protection Bill, businesses that deal with consumer personal data may face fines of up to Rs 200 crore if they fail to take reasonable precautions to avoid data breaches. After providing the corporations with a chance to be heard, the Data Protection Board, the adjudicating body proposed to implement Bill’s requirements, is expected to be given the authority to impose the penalties.
A brief about Penalty up to Rs 200 crore if firms don’t have safeguards as per Data Protection Bill:
The severity of the penalties for non-compliance by data fiduciaries—entities that handle and process the personal data of individuals—is anticipated to vary. Companies that fail to notify those affected by a data breach might face fines of about Rs 150 crore, while those that fail to protect the personal information of children could face fines of about Rs 100 crore. The penalty for breaking the rule was set at Rs. 15 crore or 4% of the company’s annual revenue, whichever was larger, in the former version of the Bill that was dropped earlier this year.
According to reports, the government will release a final draught of the revised Bill, which is internally known as the “Digital Personal Data Protection Bill,” this week. According to information obtained, the proposed Bill would solely address protections for personal data and has left out non-personal data from its purview. According to information obtained, the proposed Bill would solely address protections for personal data and has left out non-personal data from its purview. In essence, non-personal data refers to any information that cannot be used to identify a specific person.
The earlier version of Bill’s fines for data misuse was not viewed as an effective deterrence. The current suggested increased fines will compel organizations to create robust data protection measures and implement fiduciary discipline.
After over four years and numerous revisions, including discussions by a Joint Committee of Parliament, the administration withdrew the prior Personal Data Protection Bill from Parliament in August. It stated that a “complete legislative framework” for the online environment would soon be finalized by the government. Despite Union IT Minister Ashwini Vaishnaw’s declaration in February 2022 that he hoped to secure the Parliament’s approval of the Bill during the monsoon session, the withdrawal occurred.
Similar to the recently published draught Indian Telecommunication Bill, 2022, the revised version of the Bill is likely to be provided along with an explanatory summary. The Bill will go through a lengthy consultation process and is most likely to be introduced in the Parliament’s Budget session the following year.