India’s Path to Data Protection Independence
A data-protection bill could have massive implications for businesses when it finally comes into effect.
16 June 2021
As India’s economy continues to grow, the government's focus has turned to making the country more attractive for global businesses and foreign investment. Recent policy changes have been proposed to achieve this goal. While strides have been made, one particular policy, the Personal Data Protection Bill, 2019 ("PDPB"), has been at the forefront of discussions.
The Personal Data Protection Bill was introduced in 2019 by Minister of Electronics and Information Technology Ravi Shankar Prasad. Its purpose is to provide individuals with personal data protection and to establish a Data Protection Authority of India.
Under the bill waiting to be passed in Parliament, any data that can identify an individual, either directly or indirectly, is masked. The Personal Data Protection Bill prescribes how personal data should be collected, processed, used, disclosed, stored and transferred.
The bill’s preamble focuses on three key points:
- “[T]he right to privacy is a fundamental right and it is necessary to protect personal data as an essential facet of informational privacy[.]”
- “[T]he growth of the digital economy has expanded the use of data as a critical means of communication between persons[.]”
- “[I]t is necessary to create a collective culture that fosters a free and fair digital economy, respecting the informational privacy of individuals, and ensuring empowerment, progress and innovation through digital governance and inclusion.”
At first glance, comparisons can be made with the European Union’s General Data Protection Regulations (GDPR), and rightly so. India had lagged in confidentiality and cybersecurity regulations, and the national emphasis on the PDPB is heightened given the proliferation of cyberattacks, data breaches and the sharing of personally identifiable information (PII) across the globe.
The enforcement of PDPB would have been easier in a traditional office setting, but given the extended remote working situation that India has faced due to the COVID-19 pandemic, this has changed the dynamic completely.
One question remains unanswered: How can a remote-work environment comply with secure access to business-critical data? A large number of Indian businesses have already started looking at technology solutions that would facilitate secure data-sharing processes. Some of the increasingly common use cases using technological alternatives are:
- Financial transactions
- Due diligence
- Annual general meetings (AGMs)
- Site walkthroughs
- Product demonstrations
- Team collaborations
- Third-party collaborations (especially with banks and FII’s)
Anticipating reform in data security across the country once the PDPB comes into effect, large financial institutions, banks and leading corporations have
The emphasis on data protection is here to stay. It's for the safeguarding of individuals' privacy and to boost India's overall growth in attracting foreign capital.
Big changes and potential implications are ahead. Organizations need to be prepared both in a traditional work setting and the remote work.
Mayur leads the SS&C Intralinks business in India. His focus is on supporting clients to facilitate their strategic financial transactions such as mergers and acquisitions, IPO, capital raising, audits and restructuring through highly secure and proprietary-driven technology solutions. His experience includes more than 10 years working with the financial sector.