'Most Innovative Startup 2020' by RSA - Watch the pitch videoView More
In December 2019, India, following several other countries' footsteps on the privacy laws' developments, introduced the Personal Data Protection Bill (PDPB) to regulate the processing, collection, and storage of personal data.
The PDPB seeks to effectively protect personal data and provide a comprehensive legal framework for processing personal data. It also includes data principals' rights (Data subjects’ rights) and lays down a mechanism for unauthorized and harmful personal data processing remedies and fines. The PDPB imposes obligations on all businesses operating in India to reassess their data processing practices, policies, and safeguards.
SECURITI.ai enables organizations to comply with India's PDPB regulations through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.
SECURITI.ai supports enterprises in their journey toward compliance with the India PDPB regulation through automation, enhanced data visibility, and identity linking.
See how our comprehensive PrivacyOps platform helps you comply with various sections of the India PDPB.
Create customized web forms according to your brand image with the DSR request format and accept verified data principal rights requests. Automate the initiation of fulfillment workflows when verified requests are received.
PDPB Sections: 17, 21
Data principals need to be notified about their data privacy rights and organizations are required to simplify the initiation of verified DSR requests. The automation of the delivery and generation of secure data access reports will greatly reduce the risk of compliance violations and reduce the workforce required to comply with all the requests.
PDPB Section: 17
Disclosure of information to the data principals within a limited time frame of receiving a verifiable data request is a must for any organization looking to comply. This will be free of charge and delivered through a secure, centralized portal.
PDPB Section: 18(1)(a)(b)(c), 18(2)(3)(4)
With the help of automated data principal verification workflows across all appearances of a data principal’s personal data, you can seamlessly fulfill all data rectification requests.
PDPB Section: 18(1)(d),18(2)(3)(4)
Fulfill data principal’s’ erasure requests, swiftly, through automated and flexible workflows.
PDPB Sections: 23, 28, 29
Keep track of risks involved by continuously scanning and monitoring data against non-compliance to subject rights, security controls, or data residency.
Discover personal information stored across all your internal and external systems within the organization and link them back to unique data principal. Also, visualize personal data sprawl and identify compliance risks.
PDPB Sections: 11, 23(3)(4)
Automatically scan the web properties within your organization, categorizing tags, and cookies. Also, build customizable cookie banners, collect consent, and provide a preference center.
PDPB Sections: 11, 12, 23(3)(4)
Track consent revocation of data principals to prevent the transfer or processing of data without their consent. Seamlessly demonstrate consent compliance to regulators and data principals.
PDPB Sections: 7, 22, 23, 24, 26(2), 27, 29, 30, 32
With the help of our multi-regulation, collaborative, readiness, and DPIA system, you can gauge your organization's posture against PDPB requirements, identify the gaps, and address the risks. Seamlessly being able to expand assessment capabilities across your vendor ecosystem to maintain compliance against PDPB requirements.
PDPB Sections: 22(1), 23, 28(1), 27
Track data flows in your organizations, trace this data, catalog, transfer, and document business process flows internally and to service providers or third parties.
PDPB Sections: 7(1)(h), 24, 27, 26, 30, 31
Keep track of privacy and security readiness for all your service providers from a single interface. Collaborate instantly with vendors, automate data requests and deletions, and manage all vendor contracts and compliance documents.
PDPB Section: 25
Automates compliance actions and breach notifications to concerned stakeholders in relation to security incidents by leveraging a knowledge database on security incident diagnosis and response.
Data principals may bring claims to adjudicating officers appointed by the DPA for compensation, and there is also a mechanism to permit group actions.
PDPB is applicable to personal data collected, stored, shared, or processed within India's territories.
Data fiduciaries or data processors who are not in India's territorial limits but are involved in carrying out business or systematic offering of services or goods to individuals in India also come under the application scope of PDPB.
Serious and substantive violation of the provisions of the PDPB regarding the processing of personal data is punishable with a fine approximately INR. 150,000,000.or 4% of the annual turnover of the data fiduciary, whichever is higher.
Data fiduciaries are obliged to undertake transparency and accountability measures like security safeguards, instituting grievance redressal mechanisms for data principals' complaints, and privacy by design policy.
PDPB introduces the concept of consent managers under Section 21 of the PDPB, who will manage the data principals' consent to data fiduciaries.
The PDPB imposes criminal liability on re-identification and processing of de-identified personal data without consent with imprisonment of up to three years, or fine, or both.