Securiti PrivacyOps Named a Leader in The Forrester WaveTMDownload Now
In December 2019, India, following several other countries' footsteps on the privacy laws' developments, introduced the Personal Data Protection Bill (PDPB) to regulate the processing, collection, and storage of personal data. However, in November 2021, the bill’s name was amended to now be called the Data Protection Bill 2021 (DPB). The primary reason behind this change in name is down to the DPB now containing several provisions on non-personal data.
The Data Protection Bill 2021 seeks to effectively protect personal and non-personal data while providing a comprehensive legal framework for processing this data. It also includes data principals' rights (Data subjects’ rights) and lays down a mechanism for unauthorized and harmful personal and non-personal data processing remedies and fines. Moreover, it creates a Data Protection Authority that will regulate both personal and non-personal data.
DPB is applicable to personal data collected, stored, shared, or processed within India's territories. Data fiduciaries or data processors who are not in India's territorial limits but are involved in carrying out business or systematic offering of services or goods to individuals in India also come under the application scope of DPB.
Securiti enables organizations to comply with India's DPB regulations through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.
Securiti supports enterprises in their journey toward compliance with the Indian DPB regulation through automation, enhanced data visibility, and identity linking.
See how our comprehensive PrivacyOps platform helps you comply with various sections of the Indian DPB.
Create customized web forms according to your brand image with the DSR request format and accept verified data principal rights requests. Automate the initiation of fulfillment workflows when verified requests are received.
DPB Sections: 17, 21
Data principals need to be notified about their data privacy rights and organizations are required to simplify the initiation of verified DSR requests. The automation of the delivery and generation of secure data access reports will greatly reduce the risk of compliance violations and reduce the workforce required to comply with all the requests.
DPB Section: 17
Disclosure of information to the data principals within a limited time frame of receiving a verifiable data request is a must for any organization looking to comply. This will be free of charge and delivered through a secure, centralized portal.
DPB Section: 18(1)(a)(b)(c), 18(2)(3)(4)
With the help of automated data principal verification workflows across all appearances of a data principal’s personal data, you can seamlessly fulfill all data rectification requests.
DPB Section: 18(1)(d),18(2)(3)(4)
Fulfill data principal’s’ erasure requests, swiftly, through automated and flexible workflows.
DPB Sections: 23, 28, 29
Keep track of risks involved by continuously scanning and monitoring data against non-compliance to subject rights, security controls, or data residency.
Discover personal information stored across all your internal and external systems within the organization and link them back to unique data principals. Also, visualize personal data sprawl and identify compliance risks.
DPB Sections: 11, 23(3)(4)
Automatically scan the web properties within your organization, categorizing tags, and cookies. Also, build customizable cookie banners, collect consent, and provide a preference center.
DPB Sections: 11, 12, 23(3)(4)
Track consent revocation of data principals to prevent the transfer or processing of data without their consent. Seamlessly demonstrate consent compliance to regulators and data principals.
DPB Sections: 7, 22, 23, 24, 26(2), 27, 29, 30, 32
With the help of our multi-regulation, collaborative, readiness, and DPIA system, you can gauge your organization's posture against DPB requirements, identify the gaps, and address the risks. Seamlessly being able to expand assessment capabilities across your vendor ecosystem to maintain compliance against DPB requirements.
DPB Sections: 22(1), 23, 28(1), 27
Track data flows in your organizations, trace this data, catalog, transfer, and document business process flows internally and to service providers or third parties.
DPB Sections: 7(1)(h), 24, 27, 26, 30, 31
Keep track of privacy and security readiness for all your service providers from a single interface. Collaborate instantly with vendors, automate data requests and deletions, and manage all vendor contracts and compliance documents.
DPB Section: 25
Automates compliance actions and breach notifications to concerned stakeholders in relation to security incidents by leveraging a knowledge database on security incident diagnosis and response.
Right to Confirmation and Access: Data principals can access their personal data or obtain confirmation from the data fiduciary regarding their personal data whether it is being processed or not.
Right to Correction and Erasure: Data principals can seek correction of inaccurate, incomplete, update, or erasure of their personal data.
Right to Data Portability: In certain circumstances, where the processing has been carried out through automated means, the data principal may receive the personal data in a structured, commonly used and machine-readable format, and also have their personal data transferred from one fiduciary to another.
Right to be Forgotten: Data principals may restrict data fiduciaries to continuing disclosure of their personal data if the consent is withdrawn or it has served the purpose of data processing or collection.
Notification Requirement: Data fiduciaries must notify data principals to collect or process their personal data with certain information described under Section 7 of the DPB.
Serious and substantive violation of the provisions of the DPB regarding the processing of personal data is punishable with a fine approximately INR. 150,000,000.or 4% of the annual turnover of the data fiduciary, whichever is higher.
PO Box 13039,
Coyote CA 95013