What is India’s Personal Data Protection Bill (PDPB)?
India’s Personal Data Protection Bill (PDPB), introduced on December 11, 2019, is one of the most comprehensive and stringent laws in the world. PDPB mirrors the European GDPR, but at the same time, has notable differences.
The PDPB specifies how to collect, process, disclose, use, transfer and store the personal data of citizens of India, with the goal of ensuring the protection of the privacy of individuals. The maximum penalty for non-compliance with PDPB is 4 percent of annual global turnover.
Does the PDPB apply to your company, and how does it differ from GDPR? Read below.
Who does the PDPB apply to?
The PDPB applies to the Government of India, any company incorporated in India, as well as any company outside India that deals with the personal data of individuals in India. So, it’s extraterritorial, like CCPA and GDPR and many other privacy laws around the world.
The key differences between PDPB and GDPR
- The PDPB defines minors as under the age of 18, while under the GDPR minors are children under the age of 16 with some states between 13 and 16 years of age.
- In the category of sensitive personal data, PDPB also includes financial data, while GDPR does not.
- According to the PDPB, the government has the possibility to request the publication of anonymized data, unlike the GDPR, where this possibility does not exist.
- In the Indian Privacy Act, portability is more broadly defined than in the GDPR.
- The PDPB has seven reasons for processing personal data, unlike the GDPR, which has six.
- The PDPB also includes requirements for social media intermediaries to verify information as well as register services.
Overall, the PDPB has the potential to significantly impact businesses and individuals in India, particularly in the areas of compliance, data protection standards, and user control over data.
The PDPB imposes strict data protection standards and requires businesses to report data breaches to authorities within a certain timeframe. This could lead to more rigorous data protection practices and greater accountability. The PDPB also imposes restrictions on the transfer of personal data outside India, which could impact cross-border data flows and trade. This could lead to challenges for businesses that operate across multiple jurisdictions.
If you fall into one category covered by the PDPB, make sure you are fully compliant with the law! Our data protection service can help you there.