India's Personal Data Protection (PDP) Bill

Ambiguous definitions for compliance (Clauses 14, 24) more

Competitive Disadvantage - Clause 34 Clause 34 highlights governance over data transfers between different countries, giving exceptions to only certain allowances such as emergencies. By doing so, the ease of doing business with multiple entities1 situated in different countries becomes more complex, resulting in loss of opportunities for Indian businesses to compete on the global stage. United N… more

Expensive Hiring Requirements (Clause 30) Clause 30 in the draft PDP 2019 Bill requires hiring a Data Protection Officer (DPO) for implementing grievance redressal mechanisms and for accountability during inquiries in case of non-compliance. There is no clarity about whether such a role can be outsourced to third parties who specialize in such compliance requirements. The European General Data Pr… more

Clauses 93 and 94 allow the DPA to hire members of the Appellate Tribunal to finalize PDP regulations. more

Jurisdiction Clause 91 allows for the collection of Non Personal Data (NPD). Members and representatives from the startup and investor community in India have shared strong opinions that India needs a PDP Bill first before NPD regulation can be considered 1. more

Broad recommendations for smaller organizations: For smaller organizations to comply with PDP, two suggestions have been made: more

CDO: Chief Data Officer DF: Data Fiduciary DPA: Data Protection Authority DPO: Data Protection Officer GDP: Gross Domestic Product GDPR: General Data Protection Regulation (European Union Regulation, 2016) JPC: Joint Parliamentary Committee on the Data Protection Bill 2019 MSME: Ministry of Small and Medium Enterprises NPD: Non Personal Data (framework) PDP: The Personal Data Protection Bill (201… more