India’s data protection challenge

India’s Personal Data Protection Bill cannot come soon enough as a wave of cyberattacks hits the nation.


India’s new Personal Data Protection Bill is working its way through the nation’s Parliament and could be enacted by next year. Modelled on Europe’s GDPR, the Bill promises to give India’s consumers power over their data and ensure that organisations handle electronic information responsibly.

For many observers, implementation of PDP cannot come soon enough. India’s existing data rules are seen as dysfunctional after a string of cyberattacks hit some of the nation’s biggest technology brands. Breaches have been alleged at digital wallet and payment system MobiKwik according to a post on Website Planet, while B2B platform Bizongo also reportedly suffered a data breach.

Under current laws, businesses are not obliged to report data breaches. Consumers are often none the wiser if their information has been stolen. The PDP would force companies to take responsibility for the security of data and inform consumers if their information had been compromised. The bill proposes fines of between 2% and 4% of global turnover or Rs 15 Crore (£1.5m) for offending companies that fail to obey the PDP.

To continue reading this article register now