Data Protection Bill – What is in store for you? A layman’s point…

What’s up folks, How is it going ??
Hope you are all doing a wonderful in your everyday lives, this is Guru, Your favourite blogger, with some exciting information for you!!!!

Let me warm you up first, do you have internet? How DUMB are you, Guru?? I’m sure plenty but that’s not the point in article 😛 You’re of course viewing this in in the web. Sorry next question, do you access the internet at your home through the phone? Computer? Office systems? school systems? Open Wifi? Maybe few of you are checking all these boxes. Guesses what this article about at least now ??
Well, forget that you read the title…duh… eye rolls…
No.!!? Honesty, I like it…
Well, recently our government passed on green signals to a bill: DATA PROTECTION BILL… what?
When did this happen you might ask. Can’t blame you for not knowing as you were amidst opposing
CAA & BJP and its plans there wasn’t just enough time right… no problem Guru to your rescue…enough of my enthusiasm, I guess.
Read on…


Our country India is at the peak of its encounter with Internet & Data services through different service providers making our life easier with cheaper rates and more data (well anyway accessible by most). We are also living in a social media world as a side effect of these advancements since the usage statistics hit a record-breaking peak from 2016/2017, the govt. got worried as the there Is no one is taking measures for protection to the data stored, as most of it stored anyway outside India(all data, in my opinion, are placed in servers outside India only).They put together a committee in 2017 to propose rules for the protection of Indian usage data/statistics. However, this was done to lay a foundation to the current passed law on 3 rd January,2020.This was known initially as the personal data protection act(PDP) later to be also known as a data protection bill.
So, what are the rules that were put forth by the committee & what is the need for it now?


This bill aims to controls the handing out of citizens data to the government, companies
incorporated in India and in foreign that are dealing with personal data of customers.
Through this bill, the government of India is hollering at the companies/ data providers etc.., to store certain classes of information within the borders of India (as a mandatory policy).


This law also proposes to process individuals data with the consent of the concerned individual, however, In the case of the emergencies, consent is not asked like in medical emergencies & legal proceedings.


Well, a word of caution, a lot of generalisations have been made in my article for the purpose of educating all. For detailed information on the act that’s passed please visit the government websites where the detailed information is available for all.

So, Moving on, what does constitute personal information?
The Bill regulates three categories of data –
a.) Personal, b.) Sensitive Personal, and c.) Critical Personal Data.

The Bill describes Personal Data as any info that’s collected online or offline which can be used to recognize a person, like name, address, phone number, location, shopping history, photographs,telephone records, food preferences, movie preferences, online search history, messages, devices users own, and social media activity.

Sensitive Personal Data incorporates health care data (knowledge you share with a doctor or healthcare apps), financial data (banking and payments information), sexual orientation, biometrics (facial images, fingerprints etc.,), caste or tribe, religious and party-political beliefs.“Critical Personal Data” has not yet been well-defined by the administration there is more coming up on this in the future.

So, what’s in it for you as an individual?

Reading the bill clearly gives an idea that it gives a high priority for citizens rights as the details cannot be collected processed or shared without consent. However, some details that can be collected are the ones that are used for pre-defined purposes, like logins to the app and site.
IT advises the companies that are collecting data to be clear and crisp with the individual on what data is being collected and what purposes, now that this rule is inculcated any deviation is an offence and if found guilty, the company can get a harsh penalty, basically, of not being able to extend their services in our country anymore(kidding, not this harsher though PENALTIES of breach to follow after this).
Also, this bill gives the user know crucial information such as till when the consented data will be retained & to what other companies the current company shares the information.

Additionally, there are many responsibilities on companies that use data to find customers, how you ask?
Private businesses are expected to come up with a routine check on all data gathering, process & storage of data also place limits with these as to comply with the law.
If the company/business find a breach of known or unknown or circumstantial, they are now to subject the same to a regulatory authority appointed by the Indian government to solve/monitor any issues in this matter.
So to sum it up, changes galore for the businesses, few of the changes we can predict are
implementation of regular safety audits, increase in a ‘NEW Role’ of “Data Protection Officer(s)” and possibly new methods to enable customer verifications and requesting consents for all the online accounts of user.

Penalties for a breach and failing to comply with the proposed rules are pretty tough- According to the information in the bill, sharing of data without consent will lead to a minimum of 15 CR or a fine of 4-5% of the companies turnover(global in the case of MNC’s) And data breach and delay to assess a breach/ reporting the breach later will get you a fine of 2-3% global turnover or a minimum of 5 Crores.


In some cases, according to the level of the situation, a prison sentence to the people representing the companies might be handed over.

So, to summarize this article,
Sensitive personal data, as defined above, have a need to be stored within the borders of INDIA.
This bill has brought in a lot of controversies to the government as certain data not categorized as sensitive can be shared with consent, however, in the domains of banking and healthcare any information stored can be used against the individual.
To become a wholesome law and to be followed in full swing will take some time but the protection law, if it works as planned, will save a lot of trouble for the Indian citizens in regards to curbing frauds related to data.

Note: This Represents the authors understanding of the bill. It might / might not represent the exact bill. Please do visit the government’s websites for more clear and detailed information.

Follow us on Instagram: @Arhaaths
Author: @grookroo

3 thoughts on “Data Protection Bill – What is in store for you? A layman’s point…

  1. I am definitely sure we are not equipped as much as in comparison to other countries, The government is working out on plans that enable the protection. Also, Distributions of contracts and projects among Indian startups and companies having a base in India might enable us to have safe storage of our data.

Leave a Reply

%d bloggers like this: