GDPR, DATA PROTECTION IN INDIA, IT ACT, 2000

PriyankaChauhan173 371 views 17 slides Aug 01, 2020

About This Presentation

ABOUT GDPR (GENERAL DATA PROTECTION REGULATION), ELECTRONIC DATA PRIVACY IN INDIA, IT ACT, 2000.


Slide Content

GDPR, DATA PROTECTION IN INDIA LAWS & IT ACT, 2000
GENERAL DATA PROTECTION REGULATIONS

DEFINITION & OBJECTIVE
GDPR (General Data Protection Regulation) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union. The objective of GDPR is to protect the personal data and privacy of all citizens in the European Union. It makes companies accountable for the data they collect, store, analyse and use. GDPR comprises 173 regulations and 99 articles, and includes mandates, repeals, exceptions and responsibilities for all organizations to ensure that the personal data of EU residents is protected.

7 PRINCIPLES OF GDPR
1. Lawfulness, fairness and transparency
2. Purpose limitation
3. Data minimization
4. Accuracy
5. Storage limitation
6. Integrity & confidentiality (security)
7. Accountability

COUNTRIES MEMBER OF EU SUBJECT TO GDPR
1. Austria
2. Belgium
3. Bulgaria
4. Croatia
5. Republic of Cyprus
6. Czech Republic
7. Denmark
8. Estonia
9. Finland
10. France
11. Germany
12. Greece
13. Hungary
14. Ireland
15. Italy
16. Latvia
17. Lithuania
18. Luxembourg
19. Malta
20. Netherlands
21. Poland
22. Portugal
23. Romania
24. Slovakia
25. Slovenia
26. Sweden
27. UK

GDPR & IT ACT, 2000 - SIMILARITY & DISTINCTION (Principles of processing and collection of data)
SIMILARITY - Article 5 GDPR & Rule 5 of IT Rules, 2011: Data transfer from electronic commerce. Both laws require that: collection of data should be for a lawful purpose; collection should be necessary for the purpose specified.
DISTINCTION - Article 5 GDPR & Rule 5 of IT Rules, 2011: GDPR specifically confirms protection to natural persons and their rights and freedoms upon data processing. This is not expressed in the IT Act. The principles given in GDPR apply in relation to data protection. On the other hand, the principles given in the IT Act apply to the collection and use of information; they do not mention processing. Principles mentioned in GDPR but not in the IT Act are data integrity, protection from unlawful processing, accountability, fairness and transparency.

GDPR & IT ACT, 2000 (Lawfulness of processing)
SIMILARITY - Article 6 GDPR & Rule 5 of IT Rules, 2011: Consent of the provider of information or the data subject is a prerequisite for the purpose of collection of information and for processing under the IT Rules and GDPR respectively.
DISTINCTION - Article 6 GDPR & Rule 5 of IT Rules, 2011: Unlike the GDPR, the IT Act does not have a provision that specifically deals with "lawfulness" of processing. GDPR lists five additional conditions on necessity of processing and also confers upon the Member States the power to introduce specific requirements for processing. Similar conditions are not mandated under the IT Act.

GDPR & IT ACT, 2000 (Consent)
SIMILARITY - Article 4, 8 GDPR: Under both laws: i. consent prior to data collection is needed; ii. the provider has the option to withdraw consent.
DISTINCTION - Article 4, 8 GDPR: Unlike GDPR, the IT Act does not: i. define consent; ii. list special conditions for a child's consent; iii. require demonstration of consent by the data controller.

GDPR & IT ACT, 2000 (Sensitive personal data)
SIMILARITY - Art. 9 of GDPR; Sec. 43A of the IT Act, 2000 and Rule 3 of IT Rules, 2011: Both laws include biometric data, health records and sexual orientation in the list of sensitive data.
DISTINCTION - Art. 9 of GDPR; Sec. 43A of the IT Act, 2000 and Rule 3 of IT Rules, 2011: GDPR and the IT Act each lay down additional categories of sensitive personal data that are not common to the two laws.

GDPR & IT ACT, 2000 (Rights)
SIMILARITY - Art. 14-18, Art. 20-22 and Art. 7(3) of GDPR; Rule 5(6), Rule 5(3), Rule 5(7) of IT Rules, 2011: Some rules under Sec. 43A of the IT Act loosely correspond to the rights under GDPR. These are: the right to rectification, the right to be informed and the right to withdraw consent.
DISTINCTION - Art. 14-18, Art. 20-22 and Art. 7(3) of GDPR; Rule 5(6), Rule 5(3), Rule 5(7) of IT Rules, 2011: Unlike the GDPR, the IT Act does not use the word "right". The IT Act excludes reference to some important rights given in GDPR. These are the right of access, the right to restrict processing, the right to data portability, the right to object, the right to erasure, and rights in relation to automated decision making and profiling. The rights have been described in considerable detail in GDPR. On the contrary, the IT Act gives a vague description of some of these rights.

GDPR & IT ACT, 2000 (Security and Accountability)
SIMILARITY - Art. 32, 35, 37, 30, 33 of GDPR; Rule 4 of IT Rules, 2011: Common data protection security practices include adoption of internal policies, security audits, adherence to a voluntary code of conduct and a certification mechanism.
DISTINCTION - Art. 32, 35, 37, 30, 33 of GDPR; Rule 4 of IT Rules, 2011: GDPR consists of additional and elaborate measures for the security of data processing. These include appointing a data security officer, conducting a privacy impact assessment, and maintaining records of processing.

COMPENSATION AND LIABILITY (Compensation for damages)
SIMILARITY - Art. 82, Art. 82(2) of GDPR; Sec. 43A of IT Act, 2000 and Rule 8(1) of IT Rules, 2011: Both contain provisions that award compensation for damages arising from infringement. Both contain an exemption from liability under certain conditions.
DISTINCTION - Art. 82, Art. 82(2) of GDPR; Sec. 43A of IT Act, 2000 and Rule 8(1) of IT Rules, 2011: Compensation is a right under the GDPR but not under the IT Act. Different mechanisms and procedures for claiming compensation have been given under the two laws.

COMPENSATION AND LIABILITY (Punishment for disclosure of information)
SIMILARITY - Art. 83 of GDPR; Sec. 72A of IT Act, 2000: Both provide for fines in case of breach.
DISTINCTION - Art. 83 of GDPR; Sec. 72A of IT Act, 2000: GDPR imposes civil liability only. The IT Act imposes criminal liability also.

COMPENSATION AND LIABILITY (Redress)
SIMILARITY - Art. 77, 78, 79, 82 of GDPR; Rule 5(9) of IT Act, 2000; Sec. 72A of IT Act, 2000: Both laws provide redress mechanisms.
DISTINCTION - Art. 77, 78, 79, 82 of GDPR; Rule 5(9) of IT Act, 2000; Sec. 72A of IT Act, 2000: Redress is a matter of right under GDPR but not under the IT Act. The laws prescribe different redress procedures. There is ambiguity regarding the authority that can be approached under the IT Act, 2000.

COMPENSATION AND LIABILITY (Data transfer)
SIMILARITY - Article 44-50 GDPR; Rule 7 of IT Act: Both laws stipulate that data transfers will be allowed only if the receiving party offers the same level of data protection.
DISTINCTION - Article 44-50 GDPR; Rule 7 of IT Act: GDPR covers data transfers to international organizations as well. The IT Act does not specifically mention international organizations. As compared to the IT Act, GDPR lists many more parameters for a valid data transfer, such as adequacy decisions, appropriate safeguards, derogations and judgements of a court of a third country.

CAN DATA BE TRANSFERRED OUTSIDE THE EUROPEAN UNION?
Data protection legislation prohibits the transfer of personal data to countries outside the European Economic Area (EEA) unless:
1. the country in question has been deemed by the European Commission to provide an adequate level of protection for personal data; or
2. one of the mechanisms set out in the legislation has been put in place, e.g. where one of the appropriate safeguards listed in data protection legislation has been put in place or a specific exception applies.

Data protection law in India
NASSCOM (National Association of Software & Service Companies): It is a trade association of the Indian information technology & business process outsourcing industry. It is an NPO, established in the year 1988.
Information Technology Act, 2000 & Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011: The Information Technology Act, 2000 is an Act of the Indian Parliament notified on 17 October 2000. It is the primary law in India dealing with cybercrime and electronic commerce. Section 43A and Section 72A provide for compensation for data protection and punishment for breach of lawful contract.
Personal Data Protection Act, 2018: The PDPA, 2018 came into force on 25th May, 2018, applicable to the whole of India. The Act applies to: processing of personal data where such data has been collected, disclosed, shared or otherwise processed within the territory of India; and processing of personal data by the State, any Indian company, any Indian citizen or any person or body of persons incorporated or created under Indian law.

THANK YOU
Presented by Priyanka Chauhan