
Nandhinee E

BA0150028

COMPARISON BETWEEN EU GDPR AND DATA PROTECTION BILL, 2018

1. SENSITIVE PERSONAL DATA

A. Under the EU GDPR, sensitive personal data does not include financial data or passwords. Article 9(1): special categories of personal data are data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
B. Under the Data Protection Bill, 2018, sensitive personal data includes financial data and passwords. Section 3(35): “Sensitive Personal Data” means personal data revealing, related to, or constituting, as may be applicable—

(i) passwords;
(ii) financial data;
(iii) health data;
(iv) official identifier;
(v) sex life;
(vi) sexual orientation;
(vii) biometric data;
(viii) genetic data;
(ix) transgender status;
(x) intersex status;
(xi) caste or tribe;
(xii) religious or political belief or affiliation; or
(xiii) any other category of data specified by the Authority under section 22.

2. DATA CONTROLLER/FIDUCIARY

A. Under the EU GDPR, the data controller is defined under Article 4(7): ‘controller’ means the natural or legal person, public authority, agency or other body which,
alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
B. Under the Data Protection Bill, 2018, the data fiduciary is defined under Section 3(13): “Data fiduciary” means any person, including the State, a company, any juristic entity or any individual who alone or in conjunction with others determines the purpose and means of processing of personal data;

3. DATA LOCALIZATION FOR CROSS BORDER TRANSFER OF DATA

A. Under the EU GDPR, no data localization is required.
B. Under the Data Protection Bill, 2018, data localization is compulsory. Section 40 - Restrictions on Cross-Border Transfer of Personal Data. —
(1) Every data fiduciary shall ensure the storage, on a server or data centre located in India, of at least one serving copy of personal data to which this Act applies.
(2) The Central Government shall notify categories of personal data as critical personal data that shall only be processed in a server or data centre located in India.

4. AUTHORIZATION FOR CROSS BORDER TRANSFER OF DATA

A. Under the EU GDPR, no special authorization is required for cross border transfer to a country that provides equal protection. Recital 103: The Commission may decide with effect for the entire Union that a third country, a territory or specified sector within a third country, or an international organisation, offers an adequate level of data protection, thus providing legal certainty and uniformity throughout the Union as regards the third country or international organisation which is considered to provide such level of protection. In such cases, transfers of personal data to that third country or international organisation may take place without the need to obtain any further authorisation.
B. Under the Data Protection Bill, 2018, authorization is compulsory. Section 41 - Conditions for Cross-Border Transfer of Personal Data. —
(1) Personal data other than those categories of sensitive personal data notified under subsection (2) of section 40 may be transferred outside the territory of India where—

(a) the transfer is made subject to standard contractual clauses or intra-group schemes that have been approved by the Authority; or

(b) the Central Government, after consultation with the Authority, has prescribed that transfers to a particular country, or to a sector within a country or to a particular international organisation is permissible; or

(c) the Authority approves a particular transfer or set of transfers as permissible due to a situation of necessity;

5. REMEDY FOR DATA BREACH

A. Under the EU GDPR: Articles 77 to 80 provide for remedies available to the data subjects in case of any infringement of the Regulation during the processing of personal data. Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation. Article 82 provides for compensation as well.

B. Under the Data Protection Bill, 2018: Section 75 provides for compensation to a data principal in case any of his rights under the Bill is violated. A data processor shall be liable only where it has acted outside or contrary to the instructions of the data fiduciary pursuant to section 37, or where the data processor is found to have acted in a negligent manner, or where the data processor has not incorporated adequate security safeguards under section 31, or where it has violated any provisions of this Act expressly applicable
to it. Any data principal who has suffered harm as a result of any violation of any provision under this Act, or rules prescribed or regulations specified hereunder, by a data fiduciary or a data processor, shall have the right to seek compensation from the data fiduciary or the data processor, as the case may be.

6. NOTICE

A. Under the EU GDPR, notice is given under Articles 12, 13 and 14 when data is collected, with all necessary details to ensure fair and transparent processing. Since financial data is not included in sensitive personal data, notice is not given when financial data is collected.

B. Under the Data Protection Bill, 2018: Under Section 8, notice is to be given to the data principal at the time of the collection of all data, including financial data.

7. CRIMINAL BREACH

A. Under the EU GDPR, the penalties under Article 84 do not provide for any imprisonment. They only provide for fines.

B. Under the Data Protection Bill, 2018, under Section 91 any person who knowingly or intentionally or recklessly, in contravention of the provisions of this Act—

(a) obtains sensitive personal data; or

(b) discloses sensitive personal data; or

(c) transfers sensitive personal data to another person; or

(d) sells or offers to sell sensitive personal data to another person

shall be punishable with imprisonment for a term not exceeding five years or shall be liable to a fine which may extend up to rupees three lakhs or both.
