Govt proposes penalty of up to Rs 500 cr for data breach under Data Protection Bill

The government increased the fine amount for breaking the rules outlined in the draught Digital Personal Data Protection Bill 2022, which was released on Friday, to up to Rs 500 crore.

The draft personal data protection bill in 2019 proposed a penalty of Rs 15 crore or 4 percent of the global turnover of an entity.

The draft proposes to set up a Data Protection Board of India, which will carry on functions as per the provisions of the bill.

“If the Board determines at the conclusion of an inquiry that noncompliance by a person is significant, it may, after giving the person a reasonable opportunity of being heard, impose such a financial penalty as specified in Schedule 1, not exceeding rupees five hundred crore in each instance,” the draft said.

The draft has proposed a graded penalty system for data fiduciary that will process the personal data of data owners only in accordance with the provisions of the Act.

The same set of penalties will be applicable to the Data processor — which will be an entity that will process data on behalf of the Data Fiduciary.

The draft proposes a penalty of up to Rs 250 crore in case the Data Fiduciary or Data Processor fails to protect against personal data breaches in its possession or under its control.

The draft is open for public comment till December 17

With inputs from Agencies

(To receive our E-paper on whatsapp daily, please click here. To receive it on Telegram, please click here. We permit sharing of the paper’s PDF on WhatsApp and other social media platforms.)

Leave a Reply

Your email address will not be published. Required fields are marked *