Any entity, including the state, a company or an individual may be penalised up to Rs 15 crore or 4 per cent of their turnover for violating norms proposed under the draft Personal Data Protection bill.

The bill, submitted by the Justice Srikrishna Committee to the Information and Technology ministry, has proposed a jail term of up to three years for individuals found violating data protection rules under the bill in the works.

"Where a data fiduciary contravenes any of the following provisions, it shall be liable to a penalty which may extend up to fifteen crore rupees or four per cent of its total worldwide turnover of the preceding financial year," according to the draft bill.

The bill covers all entities, including the state, a company, any juristic entity or any individual, that are involved in the processing of personal data.

The data protection framework in the works mandates data fiduciaries to report data breaches, get their data audited, take requisite permission before processing data, appoint a data protection officer who will check various kinds of compliance, etc.

The bill has proposed imprisonment of up to three years or a fine of Rs 2 lakh, or both, for a person who obtains, discloses, transfers or sells personal data, resulting in harm to the affected person.

In the case of sensitive data, the violator can be punished with a jail term of up to five years or a Rs 3 lakh fine, or both.

The bill proposes up to three years in jail or a Rs 2 lakh fine, or both, if a person is found to have knowingly, intentionally or recklessly re-identified personal data which has been de-identified by a data fiduciary or a data processor or without their consent.

Under the new framework, a violator can be penalised up to Rs 1 crore for a significant breach and up to Rs 25 lakh in all other cases where no separate penalty has been provided.

The bill has proposed the creation of a Data Protection Authority, which will have powers to investigate contraventions of the framework in the works. The authorised officer will have the power to search any premises, books, documents and records where data is kept, and to seize any computer, device or records required for investigation or as evidence.