Many countries have enacted data privacy laws that govern the collection, storage, and use of personal data. In India the Digital Personal Data Protection Bill, 2023* was passed on 07.08.2023. It lays down the obligations of entities handling and processing data as well as the rights of individuals. The bill proposes a maximum penalty of Rs 250 crore and minimum of Rs 50 crore on entities violating the norms.


Key provisions of the bill*

  • In case of a data breach, companies must inform the Data Protection Board (DPB) and users
  • Children’s data and data of physically disabled persons with guardians must be processed after consent from guardians
  • Firms must appoint a Data Protection Officer, and provide such details to users
  • The Centre retains the power to restrict the transfer of personal data to any country, or territory outside India
  • Appeals against DPB decisions to be heard by the Telecom Disputes Settlement and Appellate Tribunal
  • DPB may summon, examine people under oath, inspect books, and documents of companies working with personal data
  • DPB to decide on penalty after considering the nature and gravity of the breach, the type of personal data impacted
  • DPB may advise government to block access to an intermediary, if DPDP Bill provisions are breached more than twice