MIS ASSIGNMENT 2+3

SAKSHI SHARDA
20192341
GROUP 1
 Unified rules for
all GDPR Starting:
25thth May 2018
EU Countries
European Union
General Data Protection Regulation

WHY WHAT WHERE

”GDPR is about
harmonization of the
protection of fundamental
right and freedoms of
natural persons in respect
of processing activities”.
Protection of personal data
through organizational,
administrative, and technical
means, -and to provide
evidence of that protection.
• All 28 EU member countries (national
interpretations of parts of the regulation)
• EU businesses, organizations, authorities,
non-profit organisations
• Businesses outside of the EU registering
personal data about EU citizens

USER’s RIGHT
GOALS CHALLENGES
• Access to data subjects personal data
• Protect digitalized Managing compliance with
and Portability
personal data & transparency and consent
• Rectification
strengthen privacy rights requirements presents a
• Erasure -”the right to be forgotten”
of EU individuals daunting undertaking ,yet
• Restriction of processing
• Give users control over companies need to become
• Right to object
their data compliant quickly .
• Right to lodge a complaint
 What is Personal Data Protection Bill, 2018?
 The Personal Data Protection Bill, 2018 ensures protection of individuals personal data and regulates
the collection, usage, transfer and disclosure of the said data.
 The Bill provides access to data to the individuals and places accountability measures for organizations
processing personal data and supplements it by providing remedies for unauthorized and harmful
processing.
The Personal Data Protection Bill 2019 was tabled in the Indian Parliament by the Minister of Electronics
and Information Technology on 11 December 2019. As of March, 2020 the Bill is being analysed by a
Joint Parliamentary Committee in consultation with experts and stakeholders.

APPLICABILITY
The Bill governs the processing of personal data by:
(i) government,
(ii) companies incorporated in India,
(iii) foreign companies dealing with personal data of
individuals in India.
The data protection grew out of public concern
about personal privacy in the face of rapidly
developing computer technology.
It works in two ways :s
i. Gives certain rights to individual.
ii. Obligate those who record and use
personal information, to be open about that
use.
INDIA DATA PROTECTION ACT
• The Personal Data Protection Bill, 2018 (“Bill”) is a draft law submitted in July 2018 by a committee of experts on data protection
constituted by the government of India (“Committee”). The bill has not yet been implemented and has drawn significant criticism and
praise. Its similarities with the European Union’s General Data Protection Regulation (“GDPR”) can be seen in the language and direction
of provisions such as the rights of data principals, quantum of penalties, categories of personal data, and transparency obligations.
• Applicability If the Bill becomes law, its provisions would apply to the processing of personal data: (a) that has been collected, disclosed,
shared, or otherwise processed within India; (b) by any Indian entity, citizen, or the State (as defined under Article 12 of the Constitution
of India); and (c) by data fiduciaries or data processors not present within India, if the processing is in connection with either (i) any
business carried on in India or any offering of goods of services to data principals within India or (ii) profiling data principals within India.
The provisions of the Bill, however, do not apply to the processing of anonymised data. The Bill applies to “personal data” and “sensitive
personal data”. It treats identifiable data, with respect to any characteristic, attribute, trait, or other feature of a person’s identity, as
personal data. Sensitive personal data includes some categories of personal data such as passwords, health or financial data, biometric
data, and data about sex life, sexual orientation, and religious or political beliefs, which carry enhanced requirements of processing. The
Bill also confers power on a data protection authority to specify other such categories. Actors A “data principal” is the natural person to
whom some personal data relates to. A “data fiduciary” is any person – including the State, a company, or a juristic entity – who, either
alone or with others, determines the purpose and means of processing the personal data. A “data processor” is any person who
processes data on behalf of a data fiduciary; however, it does not include an employee of a data fiduciary. A data principal is
conceptually similar to a data subject and a data fiduciary to a data controller under the GDPR. The Bill also seeks to establish the Data
Protection Authority to oversee and regulate processing activities covered by the Bill. Obligations of data fiduciaries Data fiduciaries
must comply with the following obligations and also be able to demonstrate that they have complied with them. (a) Personal data
should be processed in a fair and reasonable manner that respects the privacy of the data principal;