Follow Us:
Sunday, January 19, 2020

Explained: Data, their types, and other terms described in India’s PDP Bill

The Personal Data Protection (PDP) Bill, 2019, introduced in Lok Sabha this week, has been referred to a joint select committee. Here are some terms described in the Bill.

Written by Karishma Mehrotra | New Delhi | Updated: December 13, 2019 8:50:46 am
Explained: Data, their types, and other terms described in India's PDP Bill Data is information that is represented in a form that is more appropriate for processing.

The Personal Data Protection (PDP) Bill, 2019, introduced in Lok Sabha this week, has been referred to a joint select committee. Here are some terms described in the Bill.

Data: Information that is represented in a form that is more appropriate for processing.

Cross-border transfer: The movement of data across nation borders

Data localisation: Restrictions on the transfer of data outside national borders.

Data processing: The analysis of data to glean patterns, turning raw data into useful information

Personal data: Data that identifies an individual

Non-personal data: Data that is anonymised, most probably because it is presented in an aggregated or summary form

Data principal: The individual whose data is being collected and processed

Data fiduciary: The entity that collects and/or processes a data principal’s data

Data processor: The entity that a fiduciary might give the data to for processing, a third-party entity

Notice: The fiduciary gives the principal a notice of the collection, including the purpose, the type of data, fiduciary contact details, the principals’ rights, and more

Right to correction and erasure: Principal’s right to correct and erase their data

Right to data portability: The right to receive the data from the fiduciary in a machine-readable format

The right to be forgotten: The right to restrict continuing disclosure of personal data

Privacy by design: Developing the product and business with privacy concerns in mind

Data Protection Authority: A government authority tasked with protecting individuals’ data and executing this Act through codes of practice, inquiries, audits and more (The authority has four groups of tasks. In adjudication, the DPA receives grievances and handles enforcement. In monitoring, it oversees internal assessments and external audits of the fiduciaries, as well as tracks data security breaches. In policy, the DPA defines sensitive personal data, reasonable purposes for processing, forms of consent, and the lawful transfer of data outside of India. Finally, the Authority conducts research and awareness building about data protection.)

Significant data fiduciaries: The Data Protection Authority labels certain as this depending on its data processing, such as volume of data, sensitivity of data, company turnover, risk of harm, and newer technologies.

Data protection impact assessment: The fiduciary’s internal assessment

Data protection officer: A representative of the fiduciary that coordinates with the Authority

Sensitive personal data: Data related to finances, health, official identifiers, sex life, sexual orientation, biometric, genetics, transgender status, intersex status, caste or tribe, religious or political belief or affiliation. This data can only be sent abroad with Authority approval.

Critical personal data: The government decides the definition from time to time and it cannot be taken outside of India at all.

Adjudicating officers: Officers in the DPA with the power to call people forward for inquiry into fiduciaries, assess compliance, and determine penalties on the fiduciary or compensation to the principal. Adjudication decisions can be appealed in the appellate tribunal.

For all the latest Explained News, download Indian Express App

0 Comment(s) *
* The moderation of comments is automated and not cleared manually by indianexpress.com.
Advertisement
Advertisement
Advertisement
Advertisement