Study finds the protection of personal data ambiguous



The draft Personal Data Protection Act 2018 is very similar to the general data protection regulation of the European Union (GDPR) and has ambiguities and has its own issues, according to a joint survey of PricewaterhouseCoopers and associated chambers of commerce and industry of India.

The draft bill that the BN Srikrishna Commission of Justice presented to the Center in July aims to establish a comprehensive framework for data protection. It proposes companies to adopt certain practices to collect, process and store consumer data, and recommends a range of sanctions, including prison sentences for privacy breaches.

"The proposed Wbp runs in 112 sections and is very similar to the GDPR of the EU, but it comes with its own challenges and ambiguities," according to the research report, adding that even when organizations with GDPR came to terms, they were confronted with another regulation.

The concept recommends that each data-intermediary – an entity that processes personal data – takes care of the storage, on a server or data center in India, of at least one service copy of personal data to which the law applies. This means that companies have to build local servers.

In order to protect national interests and to include the risk of surveillance of foreign states on critical data, the draft bill also proposes to prevent fiduciaries from sending data outside the territory of India. However, what personal information and & # 39; critical & # 39; personal information is a decision that has been left to the authority, the 21 page study has been added.

The intentions behind the move are good, but local data tracking would have an impact on companies in multiple sectors today run by the cloud, and it would increase the overall costs of doing business in all sectors, according to PwC's research -Assocham.

The Srikrishna Commission's proposal to establish criminal liability, making violations noticeable and unavailable, can force private sector executives to condemn, a clause contested by different stakeholders.

Following the recognition by the Supreme Court of the right to privacy & # 39; as a fundamental right under the Constitution of India in August 2017, the draft guidelines for the bill have attracted a lot of attention.

The study said that the integrity of the system could be jeopardized when cleaning data as required in the proposed regulation. Companies may need to re-tune systems to address challenges, it said.

The proposal to exclude anonymised data from restrictions will significantly reduce obligations for entities, both in the private and public sector.

The study suggested that in order to prevent damage to specific groups of individuals, the limitation of processing and publication of analyzes of anonymised data should be evolved. Companies will have to limit the collection and re-use of data in accordance with the consent of those involved, which according to the finding would be a challenge because organizations would have to change the way of thinking in order to collect and keep more data than necessary.

Data leaks, according to the PwC-Assocham study, are a serious business problem and the bill proposes a layered approach to impose fines for non-compliance.

To avoid significant business ramifications as a result of data leaks, organizations must outline a clearly defined test mechanism to assess the willingness to address any eventualities, the report added.


Source link

Leave a Reply