As the Monsoon Session is underway, Personal Data Protection Bill is one of the key ordinances listed for the session. After being cleared in the recent cabinet meeting, the bill is headed to the monsoon session of the Parliament. As per the provisions of the bill, if one's personal data is misused, it will entail a fine of up to Rs 500 crore, sources said. The bill will have jurisdiction over the processing of digital personal data in India. This includes data collected online or offline and later digitised. The bill will also apply to the processing of data outside of India if it involves offering goods or services or profiling individuals in India.
In the midst of India's technological landscape, where data security and privacy have become paramount concerns, Sunil Chandna, the founder and CEO of Stellar Data Recovery spoke to International Business Times about the Data Protection Bill. As an expert in the field of data recovery and protection, Chandna sheds light on the upcoming Data Protection Bill in India and its far-reaching impact on businesses and individuals alike. With a focus on empowering individuals and ensuring compliance, this bill is set to redefine how companies handle personal data and foster a culture of trust in the digital realm.
In this interview, Chandna shares his perspectives on the bill's implications, the need for stringent compliance, and the increasing demand for data protection solutions in today's evolving landscape. Stellar's Bitraser and other products are also used by RBI, WHO, Google and others, and it gives a stiff competition to international players by serving more than 3 million plus consumers across 190 countries for the last 30 years.
Below are the excerpts from interview with Sunil Chandna, Founder and CEO of Stellar Data Recovery, on the Data Protection Bill in India.
IBT: The impending Data Protection Bill in India is expected to bring significant changes. How will it impact companies, and what can Indians expect from the new bill?
Sunil Chandna: The Data Protection Bill aims to safeguard the privacy and personal data of Indians, which will undoubtedly impact both businesses and individuals. Companies will need to obtain explicit consent for data collection, storage, and usage, fostering transparency and accountability in handling sensitive information. This shift will promote a culture of trust between consumers and businesses.
For individuals, the bill empowers them with greater control over their personal data, granting access to, correction, and deletion options. Indians can expect more transparency regarding how their data is used and shared, allowing them to exercise better control over their online presence. This empowerment will bring forth a new era of digital rights and privacy consciousness.
Q: The bill introduces stricter compliance standards. How will this change data processing in India?
Sunil: The bill will introduce stringent compliance measures, making it imperative for companies to implement robust data protection protocols. Businesses must prioritize user data protection from the beginning, incorporating privacy considerations into their product and service development lifecycles. This will result in more secure digital experiences and reduce data breaches. Companies will need to invest in data security infrastructure, appoint data protection officers, and conduct regular audits to ensure compliance.
Q: What are the penalties for non-compliance with the Data Protection Bill?
Sunil: The bill introduces strict penalties for non-compliance. Non-compliant companies may face substantial fines, which could be a fixed amount or a percentage of their global turnover, estimated to be around 250 Crore. Fines may escalate based on the severity and duration of non-compliance. Additionally, affected individuals may receive compensation in cases of data breaches or harm due to non-compliance. Authorities may also have the power to suspend or revoke licenses held by non-compliant entities.
Q: There were concerns about the Right to Freedom and Right to Information Act in the draft bill. How does the bill address these concerns shared by major technology companies like MAGMA?
Sunil: The Data Protection Bill is likely to strike a balance between protecting individuals' privacy and addressing the concerns of major technology companies like MAGMA. It provides clear guidelines and regulations on data collection, processing, and sharing, allowing companies to understand their obligations and implement necessary measures. The bill is also likely to offer flexibility in implementing privacy measures based on the size and nature of organizations, avoiding undue burden on smaller businesses while ensuring data protection. It emphasizes obtaining explicit consent from individuals before data collection and strengthens user rights.
Q: What are you witnessing in terms of demand for data protection solutions, and have you received any noteworthy feedback from clients?
Sunil: We are witnessing heightened interest among Indian IT corporations in preparing for the upcoming privacy law. Many organizations lack a well-defined data disposal policy and are vulnerable to data breach risks. Awareness about implementing secure device disposal technology is also lacking. Our product line, Bitraser, meets the current market demand and is used by Fortune 500 companies, government organizations, SMEs, and service providers worldwide. The recent data breach incidents, like the one involving Morgan Stanley, have increased awareness, and organizations are eager to implement media sanitization software to ensure no residual data is left on devices that leave their custody.