The document discusses data protection laws in India. It provides definitions of data and databases. India does not have specific data protection legislation, but data can be protected through various acts like the Constitution, Information Technology Act 2000, and Copyright Act 1957. The Information Technology Act 2000 defines data and provides some penalties for damaging computers or disclosing private information without consent. However, it does not define what constitutes "reasonable security practices and procedures" or address territorial applicability of these laws. The document also discusses approaches to data protection in the US, UK, and some cases involving data issues in India. It notes that when data is transferred outside India, it receives no legal protection.
The document summarizes key aspects of the proposed Digital Personal Data Protection Act 2023 in India, including its scope, definitions, obligations of data fiduciaries, grounds for processing personal data, notice requirements for data principals, and penalties for non-compliance. It outlines categories of entities that would be considered significant data fiduciaries and the additional obligations that would apply to them. The summary also compares some aspects of the proposed Indian law to the General Data Protection Regulation (GDPR) in the European Union.
With GDPR coming into effect, we can see a lot of changes in the privacy policies of companies doing business online. The presentation is a description of GDPR and its implications in India and worldwide. The main aim of the presentation is to identify the key issues of data privacy and the rights available to the consumer whose data is to be shared.
Right to privacy on internet and Data Protection atuljaybhaye
The document discusses the concepts of privacy and data protection on the internet. It defines the right to privacy and explains how privacy is recognized differently across various jurisdictions like the Universal Declaration of Human Rights, European Convention on Human Rights, and the Constitution of India. It also summarizes key privacy laws in the US and UK. The document then discusses various threats to privacy from technologies like cookies, web bugs, and viruses. It provides details about sensitive personal data protection laws in India and the UK. Finally, it discusses the right to privacy versus the right to interception under Indian law.
The Data Protection Act 1998 protects people's personal information. O2 mobile customers in the UK were inadvertently sharing their phone numbers with websites they visited. This privacy breach could allow site owners to collect numbers for marketing calls and texts without consent. The Information Commissioner's Office is considering investigating further, but a phone number alone is not currently classified as personal identifying information under the Act.
The document summarizes India's Personal Data Protection Bill from 2018. It discusses key aspects of the bill such as its similarities to Europe's GDPR, definitions of personal data and actors like data principals and fiduciaries. It also outlines obligations of fiduciaries, grounds for processing data, requirements around data localization and cross-border transfers. Rights of individuals and penalties for non-compliance are also summarized. In conclusion, it discusses how the bill was influenced by a recent Supreme Court decision establishing privacy as a fundamental right and that data protection law in India is currently transitioning.
GDPR Basics - General Data Protection Regulation Vicky Dallas
The General Data Protection Regulation (GDPR) is a new EU privacy law that strengthens and unifies data protection for individuals within the European Union. It aims to give EU citizens more control over their personal data and to simplify regulations for international businesses. Key aspects of the GDPR include individuals having the right to access, correct and delete their personal data. It also introduces strict rules on obtaining consent and heightened requirements for companies to protect customer data. The GDPR will be enforced beginning May 25, 2018.
GDPR is coming for you whether you’re ready or not. Companies must show compliance by May 25, 2018. Take a look at the presentation to learn more about the new law that is going to change the way data is handled across the world. Read about how it affects you and the steps you can take to make sure you’re GDPR ready!
About Extentia Information Technology:
Extentia is a global technology and services firm that helps clients transform and realize their digital strategies. With a focus on enterprise mobility, cloud computing, and user experiences, Extentia strives to accomplish and surpass your business goals. Our team is differentiated by an emphasis on excellent design skills that we bring to every project. Extentia’s work environment and culture inspire team members to be innovative and creative, and to provide clients with an exceptional partnership experience.
www.extentia.com
The document discusses privacy laws in India related to digital data and personally identifiable information. It outlines key concepts around data privacy, categories of private data under Indian law, and relevant sections of the Information Technology Act 2000 regarding unauthorized access to data, compensation for failure to protect sensitive personal data, and criminal offenses for disclosure of private information. It also briefly mentions some global privacy laws like the Gramm–Leach–Bliley Act in the US.
The General Data Protection Regulation (GDPR) is a European Union law that strengthens and unifies data protection for individuals within the EU. It aims to give control to individuals over their personal data and simplify the regulatory environment for international business. Key provisions include strict rules on consent, rights of access and erasure, breach notification, and increased fines. Under GDPR, all companies that collect EU citizens' data must comply with regulations regarding how personal data is collected, processed, stored, and protected.
Presented at: 2nd Annual Gulf Cooperation Council e-Participation & e-Governance Forum – Organised by: Abu Dhabi University Knowledge Group and UAE Telecommunications Regulatory Authority.
9 – 11 September 2013 | Dusit Thani Hotel | Abu Dhabi | UAE.
This document discusses data protection and privacy in India. It defines key terms like data protection and privacy. It explains the need for data protection and differentiates between data protection and privacy. It also discusses cyber security threats and classifications. Methods of data protection discussed include encryption, SSL, firewalls, antivirus software and more. India's SPDI rules regarding sensitive personal data are outlined. The document also provides information on how to lodge a complaint in case of a cyber crime and lists some penal provisions in Indian law relating to data protection.
MWLUG - 2017
Tim Clark & Stephanie Heit
Tim & Steph explain the basics of GDPR and give some recommendations about what you can do to be ready.
Data sources are in the final slides.
For more information about how BCC can help you get your Domino data ready for GDPR please contact us here.
http://bcchub.com/bcc-domino-protect/
The document discusses data protection in India as the country transitions to a digital economy. It notes that India has over 450 million internet users and the government has launched a "Digital India" initiative. However, with increased data collection and use, protection of personal data has become important. The government has drafted a white paper that outlines key principles for a data protection law, including technology neutrality, informed consent, data minimization, and accountability. The white paper was released for public consultation to help shape India's comprehensive data protection law and ensure privacy protections are balanced with enabling innovation.
1) Ongoing digital transformation will create increased privacy and security threats due to the growth of technologies like 5G and increased use of personal data for business purposes.
2) There has been a continued increase in privacy breaches and enforcements beyond just data security, including cases involving social media use and children's data processing. Fines for breaches have increased substantially.
3) There is a transition occurring from data protection to data governance as the demand for data protection expertise grows significantly. This is driven by new and updated privacy laws and increased enforcement actions.
Digital personal data protection act, 2023.pptx DineshPrasad64
The Digital Personal Data Protection Act, 2023 was passed by the parliament and shall be enforced as soon as the central government publishes rules in the official gazette. It applies to the processing of digital personal data within the territory of India where the personal data is collected (i) in digital form; or (ii) in non-digital form and digitised subsequently.
Unit 6 Privacy and Data Protection 8 hr Tushar Rajput
The document discusses privacy and data protection. It defines privacy as an individual's ability to control how and when personal information is shared with others. It outlines several international agreements that establish privacy as a universal human right. The document also discusses the three dimensions of privacy - personal, territorial, and informational - and basic privacy principles like transparency and purpose limitation.
A DPIA is a well-ordered list of data processing methods and purposes
A DPIA is also a proactive measure to safeguard and protect data using certified security mechanisms.
DPIA will help organisations to identify and fix problems at an early stage, reducing the related costs and damage to reputation.
Norfolk Chamber delivered a morning conference based around the European General Data Protection Regulation (GDPR), which will come into force on May 25 2018. Delegates heard from a variety of GDPR expert speakers from legal, marketing, IT and Data Protection perspectives.
The Information Technology Act, 2000 (also known as ITA-2000, or the IT Act) is an Act of the Indian Parliament (No 21 of 2000) notified on 17 October 2000. It is the primary law in India dealing with cybercrime and electronic commerce. It is based on the United Nations Model Law on Electronic Commerce 1996 (UNCITRAL Model) recommended by the General Assembly of United Nations by a resolution dated 30 January 1997.
This is a slightly modified version of a presentation that I gave to fellow lawyers last week. It explains what GDPR is, the policy of data protection and the evolution of data protection legislation from the OECD Guidelines and Council of Europe Convention to the GDPR. It explores the regulation focusing on the data protection principles and, in particular, the lawfulness requirement and the validity of consent. The presentation mentions the Law enforcement data protection directive, the Data Protection Bill and the arrangements post Brexit. Finally, it considers the preparations recommended by the Information Commissioner for small businesses.
The document discusses the concept of privacy from several perspectives. It defines privacy as an individual's right to control information about themselves and determine how, when and to what extent it is shared. The document traces the evolution of privacy rights in India, from being viewed as a tort to being established in the constitution. It examines privacy in the context of technologies like email, social media and debates issues around government surveillance and security versus privacy.
The document provides an overview of Malaysia's Personal Data Protection Act 2010. It discusses key aspects of the Act including the establishment of a Personal Data Protection Commissioner, the 7 data protection principles, and requirements around notice, consent, disclosure, security, retention, data integrity and access. It also discusses some examples of data breaches and penalties for non-compliance. The Act aims to regulate the processing of personal data and protect privacy as digital data and internet usage continues to grow significantly.
Cybercrime Investigations and IT Act, 2000 Karnika Seth
This document provides an overview of the legal framework for cybercrime investigations in India. It discusses the Information Technology Act 2000 and 2008 amendments, which provide the main legal statutes governing cybercrimes. The amendments aimed to address new cybercrimes, strengthen evidence collection and increase accountability of intermediaries. Key aspects covered include cybercrime definitions, investigating agency powers, adjudicating authorities, and responsibilities of network service providers.
This document provides an overview and introduction to cyber laws in India, specifically the Information Technology Act 2000. Some key points:
- The IT Act was passed in 2000 and aimed to provide legal recognition for electronic records and transactions to facilitate e-commerce. It amended several other acts related to evidence and records.
- A major amendment was made in 2008 to address criticisms and keep up with technological changes. It focused on data privacy, information security, and added new cyber crimes like child pornography.
- The document discusses some notable Indian cases where sections of the IT Act like Section 66A were used, sometimes controversially, to arrest individuals for online speech or dissent.
- Other acts amended by the IT Act
This document discusses data privacy and protection laws in India. It provides an overview of the key legislation governing this area, the Information Technology Act 2000 and amendments. It outlines some international privacy laws as examples. The document then details India's Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 which regulate how companies must handle sensitive personal data and ensure security practices. It also discusses data theft issues and related penal provisions under the IT Act and Indian Penal Code.
The document discusses the Right to Information Act (RTI) of India. It provides background on the history of freedom of information laws internationally and in India. It describes key aspects of the RTI Act, including what information can be requested, costs and timelines associated with requests, roles of Public Information Officers, and appeal processes. Examples of successful uses of RTI are also mentioned.
The document provides an overview and analysis of Bahrain's Personal Data Protection Law (PDPL). Some key points:
- The PDPL is Bahrain's primary data protection law, modeled after the EU's GDPR. It aims to establish requirements for processing personal data.
- The law applies to entities processing personal data of Bahraini residents, regardless of location. It provides for data subject rights and sets guidelines for processing, transfers, compliance, and penalties for violations.
- An analysis compares features of the PDPL to the GDPR, finding similarities in scope, rights, and legal bases for processing but less stringent penalties under the PDPL.
- The conclusion states that companies must evaluate the
The General Data Protection Regulation (GDPR) in Ireland - What You Should Know Terry Gorry
The General Data Protection Regulation (GDPR) came into effect on 25th May, 2018. This presentation looks at the key principles and concepts in the GDPR regulation.
The document provides an in-depth analysis of India's newly introduced Digital Personal Data Protection Act, 2023. It highlights the Act's key provisions, including the scope of applicability, lawful grounds for processing personal data, consent and notice requirements, obligations of data fiduciaries and significant data fiduciaries, and more. The analysis compares the Act to its previous iterations and other data protection laws. It also provides a compliance roadmap to help organizations adhere to the Act's mandates.
The document provides an overview of the UAE's new Personal Data Protection Law (PDPL). Some key points:
- The PDPL became effective in January 2022 and aims to protect privacy and personal data by establishing requirements for data processing.
- It applies to data controllers and processors operating in the UAE or handling data of UAE residents. Some government and health data is exempt.
- The law establishes rights for data subjects, requirements for lawful processing, security measures, data transfers, and appointments of data protection officers.
- It introduces mechanisms for data subject complaints and potential penalties for non-compliance, to be enforced by the UAE Data Office. The document compares the PDPL to the
A Brave New World Of Data Protection. Ready? Counting down to GDPR. dan hyde
This document discusses the key requirements of the General Data Protection Regulation (GDPR) that will take effect in May 2018. It explains that GDPR will apply broadly to any company that handles personal data of Europeans, regardless of location. It outlines important concepts like data subjects, data controllers, and data processing. It also summarizes the core GDPR principles of lawfulness, fairness and transparency; purpose limitation; data minimization; accuracy; limited storage; integrity and confidentiality; and accountability. The document provides examples of lawful bases for processing personal data and notes that explicit consent is required for special categories of sensitive data.
The Summary Guide to Compliance with the Kenya Data Protection Law Owako Rodah
The Data Protection Act 2019, was enacted on November 8th, 2019, ushering a new era of accountability and responsibility with regard to processing of personal data and information. Naturally, there has been a resurrection of the chatter around data protection in increasingly data-driven social and economic settings. The question on everyone’s mind being what does this mean for me?
The top 10 GDPR requirements are:
1) Organizations must provide training to employees on protecting personal data and identifying breaches.
2) Companies can only collect the minimum personal data needed and must delete it once the purpose is complete.
3) Data subjects have rights like accessing their data, correcting it, and objecting or deleting it.
This document provides an overview of the key aspects of the General Data Protection Regulation (GDPR) which takes effect in May 2018. It defines personal data and the expanded rights of individuals over their data. It outlines increased fines for non-compliance and new requirements for obtaining consent, data protection measures, breach reporting, and individual access rights. It recommends steps companies should take to prepare for GDPR compliance and describes IBM's solutions to help with governance, training, processes, data management, and security.
On 25 May 2018 the new General Data Protection Regulation (GDPR) will come into force, replacing all existing data protection regulations.
Payroll bureaus process large amounts of personal data in relation to their customers, their customers’ employees, and their own employees. Consequently, the GDPR will impact most if not all areas of the business and the impact it will have cannot be overstated.
BrightPay hosted a free CPD accredited webinar alongside Bright Contracts where we discussed everything that accountants, bookkeepers and payroll bureaus need to know about GDPR.
For more information visit https://www.brightpay.co.uk
Guide to-the-general-data-protection-regulationN N
The document provides a guide to the General Data Protection Regulation (GDPR), which takes effect in May 2018. It highlights several key changes and requirements of the new law, including: tightening the rules for consent; making the appointment of a data protection officer mandatory for some organizations; introducing mandatory privacy impact assessments and data breach notification; and expanding individuals' rights to access and delete their personal data. The guide is intended to help organizations assess their GDPR readiness and comply with the new requirements.
The document provides an overview of the General Data Protection Regulation (GDPR) that will replace existing European Union data protection laws in May 2018. It discusses key aspects of GDPR compliance including strict privacy principles, increased individual rights over personal data, heavy penalties for non-compliance, and the requirement for some businesses to appoint a Data Protection Officer. The document also examines effects of GDPR on marketing to businesses and provides recommendations for steps businesses should take to prepare for GDPR requirements.
The General Data Protection Regulation (GDPR) is a new EU data protection law that takes effect in May 2018. It places greater obligations on organizations to protect personal data and privacy. The GDPR expands the definition of personal data, increases requirements for consent and transparency, strengthens individual rights, and imposes tougher fines for non-compliance. Businesses need to review their data protection practices, identify any risks, and make changes to policies and procedures to ensure compliance with the new law. Failure to comply could result in significant fines of up to 4% of global revenue.
Are you ready for the General Data Protection Regulation?
VILT has compiled this Frequently Asked Questions document. Read about what it is and how we can help.
Presentation at the CPPP conference 2020 on the core issues SMEs and SME Associations have identified in applying the GDPR. This research work has been developed within the STAR II project.
GDPR Guide: The ICO's 12 Recommended Steps To Take NowHackerOne
Recommendations from The United Kingdom's Information Commissioner's Office (ICO) to Prepare for May 2018.
The European General Data Protection Regulation, better known as GDPR, will take effect on May 25, 2018. When it does, every business, organization, or government agency that collects information on European Union (EU) citizens (in other words, just about everyone) will be forced to radically change how it manages customer data and security. If you don’t, the cost of noncompliance is significant: fines can reach up to €20M ($23.5M) or 4 percent of annual sales, whichever is higher.
Key Issues on the new General Data Protection RegulationOlivier Vandeputte
The General Data Protection Regulation is one of the most wide ranging pieces of legislation passed by the EU in recent years. The GDPR comes into effect on 25 May 2018. The new framework is ambitious, complex and strict. It presents any organization that has so far failed to begin preparations with a steep challenge to become GDPR compliant in time.
We have summarized the key issues in our GDPR brochure.
The slide deck provides an overview of key aspects of the General Data Protection Regulation (GDPR) that businesses need to be aware of and comply with. Some of the main points covered include:
1) GDPR requirements for obtaining and documenting valid consent for processing personal data, providing privacy notices, and respecting individual rights to access, rectify and erase their data.
2) The roles and responsibilities of controllers and processors of personal data and requirements for contracts between them.
3) Lawful bases for processing personal data and additional conditions for processing special categories of sensitive personal data.
4) Requirements for data protection by design and default, conducting data protection impact assessments, and managing data breaches.
“Data localisation or data residency laws require data about a nations' citizens or residents be collected, processed, and/or stored inside the country, often before being transferred internationally, and usually transferred only after meeting local privacy or data protection laws, such as giving the user notice of how the information will be used and obtaining their consent.” - Wikipedia
2. 2
APPLICABILITY
Processing of personal data:
• Where such data has been collected, disclosed, shared or otherwise processed within the territory of India; and
• by any Indian company, any Indian citizen or any person or body of persons incorporated or created under Indian law.
The PDPB does not apply to processing of anonymised data.
PDPB shall apply to data fiduciaries or data processors not present within the territory of India, only if such processing is:
• in connection with any business carried on in India, or any systematic activity of offering goods or services to data principals within the territory of India; or
• in connection with any activity which involves profiling of data principals within the territory of India.
Remarks:
• If personal data of foreign nationals is shared with an Indian Company to comply with management/statutory reporting requirement, PDPB shall not apply to such foreign company.
• If personal data of a person is anonymised through an irreversible process, such that the person cannot be identified, PDPB shall not apply.
3. 3
TRANSITIONAL PROVISION
Once the Act is notified, a period of 12 months is prescribed for notifying the various Rules and Regulations thereunder.
The Data Protection Authority (DPA) will be constituted within a period of 15 months from enactment of the Act.
The DPA is conferred with the power to issue codes of practice on various principles of data protection obligations and to notify exceptional grounds for processing personal data without seeking consent.
Once the Act is notified, its various provisions will come into effect within a span of 1 to 2 and a half years.
Remarks:
Although the Bill has prescribed a transition period, the penalties prescribed are quite onerous and are almost at par with the GDPR of the EU. Further, after the landmark judgement of the Supreme Court recognising privacy as a fundamental right, it is imperative for organisations to re-look at their systems and processes while the law is being enacted.
OVERRIDING EFFECT OF THIS ACT
In the event of any inconsistency, PDPA will have an overriding effect over any other laws.
The said law will also rescind the existing Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.
4. 4
GROUNDS FOR PROCESSING OF PERSONAL DATA
Remarks:
• Except in the events shown in the diagram, consent is a pre-requisite before processing personal data. The consent has to satisfy all the attributes of sec. 12 of PDPB.
• The burden of proof to establish that a valid consent was given by the individual is on the data fiduciary.
• In the event an individual who is a party to a contract withdraws consent to processing of his personal data, which is necessary to performance of the contract, all legal consequences arising out of such withdrawal have to be borne by the respective individual only.
• The Bill explicitly states that consent is not essential to processing of personal data of an employee in relation to employment. However, processing of sensitive personal data in relation to employment may require explicit consent of the employees. Currently there is an ambiguity on this aspect and clarification is being sought.
• For purposes such as corporate restructuring (mergers and acquisitions), prevention and detection of fraud, network and information security measures, etc., which are reasonable purposes for which seeking consent would not be a viable option, the DPA will issue a list of such purposes along with the security measures a company should ensure for them.
PERMISSIBLE PROCESSING
Basis:
• Consent
• Function of the State
• Compliance with law or compliance with any order of the court or tribunal
• In case of emergency
• In relation to employment
• For reasonable purposes
Consent is not a pre-requisite in such events.
5. 5
PROCESSING THROUGH CONTRACTORS/SUB-CONTRACTORS
A Company can process personal data of an individual through a contractor/sub-contractor strictly only on execution of a valid contract.
The contract so executed should restrict the vendor from further engaging a sub-contractor unless expressly agreed by the Company in the contract.
The purpose for processing such data should be solely determined by the Company.
Remarks:
It is imperative to bind the contractor with an obligation to protect the data and treat it as confidential. It is also important to ensure that the liability of the contractor in the event of breach is not capped, i.e. is unlimited. Further, the Company should also have an indemnity right.
6. 6
CROSS-BORDER TRANSFER OF PERSONAL DATA
Cross-border transfer of personal data will be allowed only pursuant to standard contractual clauses or an intra-group scheme duly approved by the Authority.
PDPB mandates storage of one copy of the personal data to which the Act applies on a server maintained in India.
The Authority will notify a list of critical data which mandatorily needs to be maintained only in India.
The Central Government may notify a few exemptions to the above.
Remarks:
On account of increasing instances of fraud/scams, RBI, vide its circular dated 6th April, 2018, has mandated maintenance of all payment systems within India latest by 15th Oct, 2018. While there have been multiple representations to the Government on the matter, RBI has not relaxed the condition yet, and in the interim the Bill as well now mandates maintenance in India of one copy of the personal data being processed outside India. It is imperative for organisations maintaining personal data of individuals outside India to review their processes and systems.
7. 7
TRANSPARENCY AND ACCOUNTABILITY MEASURES
Remarks:
Actions listed in Group B need to be complied with only by such class of data fiduciaries and significant data fiduciaries as may be notified by the Data Protection Authority.
Group A
• PRIVACY BY DESIGN: The management and organisational practices should be aligned to the interest of the Data Principals.
• TRANSPARENCY: The purpose and operation involved in processing are required to be disclosed to the Data Principals.
• SECURITY SAFEGUARDS: The organisation should take appropriate security measures to protect the integrity of the data.
• PERSONAL DATA BREACH: Depending on the severity of the harm caused, the Data Principal is required to be intimated.
Group B
• DATA PROTECTION IMPACT ASSESSMENT: Before undertaking any new processing activity or technological change, or large scale profiling or use of SPD, the Company mandatorily has to undertake a Data Impact Assessment.
• RECORD KEEPING: The Company needs to maintain a complete record of end-to-end data processing activity for such period as may be notified by the Authority.
• DATA AUDITS: The Company has to get its processes involved in processing of personal data audited by an independent data auditor annually.
• DATA PROTECTION OFFICER: A DPO needs to be appointed who can guide the Company in relation to its obligations arising out of PDPA. The aforesaid role can be in addition to any other role played by the DPO.
8. 8
RIGHTS OF DATA SUBJECT
Remarks:
• An application has to be made to the Company in writing for exercise of any of the said rights.
• If the Right to be Forgotten is exercised by an individual but there exists a dispute, or the Company envisages litigation or a regulatory enquiry, or is required to maintain the data until the end of a stipulated statutory period, the Company can refuse erasure of the data, in writing, to the person concerned.
• The Company is required to have a robust grievance redressal mechanism in place. A DPO so designated, or an officer authorised for this purpose, should be the point of contact for the data principals.
• A grievance, if raised, has to be resolved within a period of 30 days. If it is not resolved, or not satisfactorily resolved, the data principal has a right to file a complaint with the adjudicating wing.
POWERS VESTED WITH THE AUTHORITY
The Authority is vested with the power to call for information,
conduct inquiry, search and seizure.
Rights of Data Subject:
• Right to correction
• Right to Data Portability
• Right to confirmation and access
• Right to be forgotten
9. 9
DATA PROTECTION OBLIGATIONS
• Fair and reasonable processing
• Purpose limitation
• Collection limitation
• Lawful processing
• Notice
• Data Quality
• Data Storage Limitation
• Accountability
10. 10
PENALTIES
PROVISIONS:
• Failure to take prompt action in response to data security breach
• Failure on the part of significant data fiduciary:
  - To undertake data protection impact assessment
  - To conduct data audit
  - To register with the Authority
PENALTY: Up to 5 Crs. or 2% of the worldwide turnover of the preceding financial year, whichever is higher

PROVISIONS:
• Processing of personal data against the data protection obligation principles
• Processing of personal data not in accordance with the grounds of processing as provided under the law
• Processing of sensitive personal data not in accordance with the grounds of processing as provided under the law
• Failure to adhere to the security safeguards
• Transfer of personal data in violation of the Act
PENALTY: Up to 15 Crs. or 4% of the worldwide turnover of the preceding financial year, whichever is higher
11. 11
PENALTIES CONTINUED…
Total worldwide turnover in relation to a data fiduciary is the total worldwide turnover of the data fiduciary and the total worldwide turnover of any group entity of the data fiduciary where such turnover of a group entity arises as a result of the processing activities of the data fiduciary, having regard to factors, including:
(i) the alignment of the overall economic interests of the data fiduciary and the group entity;
(ii) the relationship between the data fiduciary and the group entity specifically in relation to the processing activity undertaken by the data fiduciary; and
(iii) the degree of control exercised by the group entity over the data fiduciary or vice versa, as the case may be.

PROVISION: Without any reasonable explanation, failure to comply with data principal's request
PENALTY: Rs. 5000/- for each day during which the default continues, subject to a maximum of Rs. 10 Lakhs in case of significant data fiduciaries and 5 lakhs in other cases.

PROVISION: Failure to furnish reports, returns, information to the Authority
PENALTY: Rs 10,000 for each day during which such default continues, subject to a maximum Rs. 20 lakhs in case of significant data fiduciaries and 5 lakhs in other cases.
12. 12
PENALTIES CONTINUED…
PROVISION: Failure to comply with the order of the Authority
PENALTY:
• Data Fiduciary: Up to Rs 20,000 for each day during which such default continues, subject to a maximum Rs. 2 Crs.
• Processor: Up to Rs 5,000 for each day during which such default continues, subject to a maximum Rs. 50 lakhs.

PROVISION: Penalty for contravention where no penalty is prescribed
PENALTY:
• Significant Data Fiduciary: maximum 1 Cr.
• Other data fiduciary: maximum Rs. 25 lakhs.
Remarks on Penalties:
• In addition to the penalty, the data principals also have a right to compensation for damages suffered.
• The compensation awarded or penalty imposed under the PDPA does not limit the award of compensation or imposition of any other penalty or punishment under any other law for the time being in force.
13. 13
OFFENCES PUNISHABLE WITH IMPRISONMENT
Personal Data
OFFENCE: In contravention of the provisions of the Act, one obtains, discloses, transfers, sells or offers to sell personal data of a person, which causes significant harm to the data principal
LIABILITY: Imprisonment for a term not exceeding 3 years or shall be liable to fine which may extend up to 2 lakhs or both.

Sensitive Personal Data
OFFENCE: In contravention of the provisions of the Act, one obtains, discloses, transfers, sells or offers to sell personal data of a person, which causes significant harm to the data principal
LIABILITY: Imprisonment for a term not exceeding 5 years or shall be liable to fine which may extend up to 3 lakhs or both.

OFFENCE: Anyone who re-identifies and processes de-identified personal data without the consent of the data fiduciary or processor
LIABILITY: Imprisonment for a term not exceeding 3 years or shall be liable to fine which may extend up to 2 lakhs or both.
14. 14
OFFENCES PUNISHABLE WITH IMPRISONMENT CONTINUED…
Remarks:
Offences under PDPA are cognizable and non-bailable offences.
Offences committed by Company:
Every person who is in charge of, and responsible to, the Company for the conduct of the business of the Company, as well as the Company, shall be deemed to be guilty. This includes the Managing Director, Manager and/or Whole-time Director of the Company.
Further, if it is proved that the offence by the Company has been committed with the consent or connivance of, or is attributable to any neglect on the part of, any director, manager, secretary or other officer of the company, such persons shall be deemed to be guilty of the offence and shall be liable to be proceeded against and punished accordingly.
15. 15
KEY TAKEAWAYS
The Personal Data Protection Bill 2018 of India is a law with extra-territorial jurisdiction and is aligned to the privacy principles laid down under GDPR, including severe fines in case of data breach. After the Supreme Court's landmark judgement recognising privacy as a fundamental right, people have become more vigilant towards their rights and are questioning any usage of their data for purposes other than those they have consented to. For businesses seeking to retain a competitive edge in the sectors they operate in, especially sectors whose business model is directly linked to customers' data, the law will have far-reaching implications.
IMPLICATIONS
In the event of breach, one will not only be liable to pay a penalty and pay damages to the aggrieved person but will also be subjected to business and reputational loss. In the event it is determined that significant harm is caused to an individual, the officer in default may even be sentenced to imprisonment. The liability in certain events extends even to the directors and manager of the Company. Further, depending upon the harm caused to an individual, the respective international privacy regulatory authority may even restrict processing by an Indian entity of the personal data of data principals residing in the respective jurisdiction.
16. 16
ACTION POINTS
• One of the essential pillars of data protection laid down under the law is the importance of 'adequate safeguards', including de-identification, encryption, and tools to prevent misuse, unauthorized access, modification, disclosure, or destruction of personal data.
• Temporal limitations on processing and retention of personal data: store the data only as long as "reasonably necessary" to satisfy its intended purpose or to comply with legal obligations. Undertake periodic reviews to check that no one is unnecessarily retaining personal data.
• Undertake a gap assessment exercise, frame the privacy & security policy of the company and adopt the code of practice as may be notified by the Authority.
• Review existing contracts with vendors, and bind them with restrictive covenants as well as the security and privacy policy of the Company.
• Undertake data audits in case of any outsourced processing assignments.
• Given the nature of operation of the Company, consider taking Data Insurance.
17. 17
GLOSSARY OF KEY TERMS
Data: means and includes a representation of information, facts, concepts, opinions, or instructions in a manner suitable for communication, interpretation, or processing by humans or by automated means.
Data fiduciary: means any person, including the State, a company, any juristic entity or any individual who alone or in conjunction with others determines the purpose and means of processing of personal data.
Data principal: means the natural person to whom the personal data referred to in sub-clause (28) relates.
Data processor: means any person, including the State, a company, any juristic entity or any individual who processes personal data on behalf of a data fiduciary, but does not include an employee of the data fiduciary.
Harm: includes (i) bodily or mental injury; (ii) loss, distortion or theft of identity; (iii) financial loss or loss of property; (iv) loss of reputation, or humiliation; (v) loss of employment; (vi) any discriminatory treatment; (vii) any subjection to blackmail or extortion; (viii) any denial or withdrawal of a service, benefit or good resulting from an evaluative decision about the data principal; (ix) any restriction placed or suffered directly or indirectly on speech, movement or any other action arising out of a fear of being observed or surveyed; or (x) any observation or surveillance that is not reasonably expected by the data principal.
18. 18
GLOSSARY OF KEY TERMS CONTINUED…
Person: means (i) an individual, (ii) a Hindu undivided family, (iii) a company, (iv) a firm, (v) an association of persons or a body of individuals, whether incorporated or not, (vi) the State, and (vii) every artificial juridical person, not falling within any of the preceding sub-clauses.
Personal data: means data about or relating to a natural person who is directly or indirectly identifiable, having regard to any characteristic, trait, attribute or any other feature of the identity of such natural person, or any combination of such features, or any combination of such features with any other information.
Personal Data Breach (PDB): means any unauthorised or accidental disclosure, acquisition, sharing, use, alteration, destruction of, or loss of access to, personal data that compromises the confidentiality, integrity or availability of personal data to a data principal.
Profiling: means any form of processing of personal data that analyses or predicts aspects concerning the behaviour, attributes or interest of a data principal.
Sensitive Personal Data (SPD): means personal data revealing, related to, or constituting, as may be applicable: (i) passwords; (ii) financial data; (iii) health data; (iv) official identifier; (v) sex life; (vi) sexual orientation; (vii) biometric data; (viii) genetic data; (ix) transgender status; (x) intersex status; (xi) caste or tribe.
Significant data Fiduciary (SDF): means a data fiduciary notified by the Authority under section 38.
Significant harm: means harm that has an aggravated effect having regard to the nature of the personal data being processed, the impact, continuity, persistence or irreversibility of the harm.