Securiti PrivacyOps Named a Leader in The Forrester WaveTM


India Data Protection Bill 2021

Get DPB compliant with the most comprehensive PrivacyOps platform.


In December 2019, following the lead of several other countries in developing privacy laws, India introduced the Personal Data Protection Bill (PDPB) to regulate the processing, collection, and storage of personal data. In November 2021, however, the bill was renamed the Data Protection Bill 2021 (DPB). The primary reason for the change of name is that the DPB now contains several provisions on non-personal data.

The Data Protection Bill 2021 seeks to effectively protect personal and non-personal data while providing a comprehensive legal framework for processing this data. It also includes data principals' rights (data subjects' rights) and lays down a mechanism of remedies and fines for unauthorized and harmful processing of personal and non-personal data. Moreover, it creates a Data Protection Authority that will regulate both personal and non-personal data.

DPB is applicable to personal data collected, stored, shared, or processed within India's territories. Data fiduciaries or data processors who are not in India's territorial limits but are involved in carrying out business or systematic offering of services or goods to individuals in India also come under the application scope of DPB.

The solution

Securiti enables organizations to comply with India's DPB regulations through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.


Securiti supports enterprises in their journey toward compliance with the Indian DPB regulation through automation, enhanced data visibility, and identity linking.

See how our comprehensive PrivacyOps platform helps you comply with various sections of the Indian DPB.


 

Customize a data subject rights request portal for seamless customer care

 

Create customized web forms according to your brand image with the DSR request format and accept verified data principal rights requests. Automate the initiation of fulfillment workflows when verified requests are received.


Automate data subject access request handling

DPB Sections: 17, 21

Data principals need to be notified about their data privacy rights and organizations are required to simplify the initiation of verified DSR requests. The automation of the delivery and generation of secure data access reports will greatly reduce the risk of compliance violations and reduce the workforce required to comply with all the requests.

Secure fulfillment of data access

DPB Section: 17

Disclosure of information to the data principals within a limited time frame of receiving a verifiable data request is a must for any organization looking to comply. This will be free of charge and delivered through a secure, centralized portal.


Automate processing of rectification requests

DPB Section: 18(1)(a)(b)(c), 18(2)(3)(4)

With the help of automated data principal verification workflows across all appearances of a data principal’s personal data, you can seamlessly fulfill all data rectification requests.

Automate erasure requests

DPB Section: 18(1)(d), 18(2)(3)(4)

Fulfill data principals’ erasure requests swiftly through automated and flexible workflows.


Continuous monitoring and tracking

DPB Sections: 23, 28, 29

Keep track of the risks involved by continuously scanning and monitoring data for non-compliance with subject rights, security controls, or data residency.

Automate People Data Graph

 

Discover personal information stored across all internal and external systems within your organization and link it back to unique data principals. Also, visualize personal data sprawl and identify compliance risks.


Meet cookie compliance

DPB Sections: 11, 23(3)(4)

Automatically scan the web properties within your organization and categorize tags and cookies. Also, build customizable cookie banners, collect consent, and provide a preference center.

Monitor and track consent

DPB Sections: 11, 12, 23(3)(4)

Track consent revocation of data principals to prevent the transfer or processing of data without their consent. Seamlessly demonstrate consent compliance to regulators and data principals.


Assess DPB readiness

DPB Sections: 7, 22, 23, 24, 26(2), 27, 29, 30, 32

With the help of our multi-regulation, collaborative readiness and DPIA system, you can gauge your organization's posture against DPB requirements, identify the gaps, and address the risks. You can also seamlessly expand assessment capabilities across your vendor ecosystem to maintain compliance with DPB requirements.

Map data flows

DPB Sections: 22(1), 23, 28(1), 27

Track and trace data flows in your organization, catalog transfers, and document business process flows internally and to service providers or third parties.


Manage vendor risk

DPB Sections: 7(1)(h), 24, 27, 26, 30, 31

Keep track of privacy and security readiness for all your service providers from a single interface. Collaborate instantly with vendors, automate data requests and deletions, and manage all vendor contracts and compliance documents.

Breach Response Notification

DPB Section: 25

Automate compliance actions and breach notifications to concerned stakeholders in relation to security incidents by leveraging a knowledge database on security incident diagnosis and response.


Key Rights Under DPB

Right to Confirmation and Access: Data principals can access their personal data or obtain confirmation from the data fiduciary as to whether their personal data is being processed.

Right to Correction and Erasure: Data principals can seek the correction of inaccurate or incomplete personal data, and the update or erasure of their personal data.

Right to Data Portability: In certain circumstances, where the processing has been carried out through automated means, the data principal may receive the personal data in a structured, commonly used and machine-readable format, and also have their personal data transferred from one fiduciary to another.

Right to be Forgotten: Data principals may restrict data fiduciaries from continuing to disclose their personal data if consent is withdrawn or the data has served the purpose of its processing or collection.

Notification Requirement: Data fiduciaries must notify data principals when collecting or processing their personal data, providing certain information described under Section 7 of the DPB.

Quick facts about DPB

1. Serious and substantive violation of the provisions of the DPB regarding the processing of personal data is punishable with a fine of approximately INR 150,000,000 or 4% of the annual turnover of the data fiduciary, whichever is higher.
2. Data fiduciaries are obliged to undertake transparency and accountability measures such as security safeguards, grievance redressal mechanisms for data principals' complaints, and a privacy by design policy.
3. The DPB introduces the concept of consent managers under Section 21, who will manage the data principals' consent to data fiduciaries.
4. As per Section 35 of the DPB, the government and all its agencies will be exempt from the purview of the proposed DPB.
5. As per Section 12 of the DPB, the government can process non-personal data without proper consent or parliamentary approval.
6. Under the DPB, all social media platforms currently defined as “intermediaries” would be treated as “publishers”. This would allow the DPA to hold these platforms responsible for the content they host.
7. Under the new bill, all data handlers are mandated to store mirror copies of all sensitive data within the jurisdiction of India. Additionally, it calls on them to take appropriate measures to develop infrastructure to primarily store all data in India itself.
8. The bill would regulate all hardware and hardware manufacturers via a strict certification process for all Internet of Things (IoT) devices. A dedicated testing facility for all such devices will also be set up.
9. The DPB calls on all data handlers to report a data breach to the DPA within 72 hours.
