The European Commission recently released a set of statistics reflecting on the “compliance, enforcement and awareness” of the General Data Protection Regulation (GDPR), which has been in force for over 10 months now. It shows a growing number of complaints and data breach notifications in Europe, and fines being imposed. This clearly indicates the success of the GDPR framework.
India has a lot to learn from this as the proposed Personal Data Protection Bill, 2018, is in the pipeline. The bill is expected to bring about a huge shift in personal data protection regime in the country.
The provisions of the bill require the government to notify the proposed act within 12 months from enactment. The government is required to establish a Data Protection Authority (DPA) within three months from the notification date, and within 12 months the DPA is required to notify the grounds of processing personal data, as well as codes of practice for several aspects under the proposed act.
The remaining provisions of the proposed act will come into force 18 months from the notification date, whereas the government may notify the provision mandating mirroring of personal data within India at its discretion. Overall, it is expected to take 18 months from the notification date for the provisions of the proposed act to fully take effect.
You must be a
to read this content, please
TEJAS KARIA is partner and head of arbitration, and SHASHANK MISHRA is a senior associate at Shardul Amarchand Mangaldas. They can be contacted at tejas.karia@AMSShardul.com and shashank.m@AMSShardul.com