Starting a business | promunim of india - promunim of india

Related Guide

    1. Overview

    The Personal Data Protection Bill (PDPB) is India's new data protection law that will apply to all businesses and organizations that are offering goods and services to Indian citizens, or to those monitoring the behavior of Indian citizens, or who are processing personal data. The PDPB is expected to come into force soon, and it's essential that SMEs prepare for the changes it will bring.

    2. Review it now

    The PDPB is a significant update to India's data protection laws, and preparing for it will require your full attention. It's essential to review the legislation online now and understand the changes it will bring to your business. The PDPB will introduce new requirements for data protection, including the need for explicit consent from individuals before collecting their personal data.

    3. Understand the new changes

    The PDPB will introduce several new changes that will impact your current processes, including:

    - The right to be forgotten: Individuals will have the right to request that their personal data be deleted.
    - Subject access requests: Individuals will have the right to request access to their personal data.
    - Data breach notification: Organizations will be required to notify the authorities and affected individuals in the event of a data breach.

    You may need to draw up a plan for responding to such requests, as the PDPB will require organizations to respond to requests within a specified timeframe.

    4. Map out what data and personal data you store

    It's essential to understand where your data is stored, what systems you use, and how you use it. Consider whether invasive means of collecting personal data are used and if the data is processed fairly and lawfully. This means informing people about the purpose and use of personal data collected and how your business will process that.

    At this stage, you may want to consider a privacy impact assessment to identify potential risks and mitigate them.

    5. Securely delete old data

    If you are storing data that you no longer require (and are not legally obliged to keep), then securely delete it. Disposing of unnecessary data will help reduce risk. Kindly ensure that it is securely erased using specialized equipment and software.

    6. Let your employees and suppliers know

    Please ensure that all your employees and suppliers are informed of any changes to your processes and procedures that may affect them. They will also need time to adjust and prepare.

    More Information

    Visit the Ministry of Electronics and Information Technology (MeitY) website for up-to-date information on the PDPB, useful guides on what steps you need to take, and when.

    Also, refer to the following:

    - The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
    - The Information Technology (Intermediary Guidelines) Rules, 2011
    - The Indian Contract Act, 1872
    - The Indian Penal Code, 1860

    By following these tips, you can prepare your SME for the changes that the PDPB will bring and ensure that you are compliant with India's new data protection laws.