Indian Personal Data Protection Act 2019

Chapter I
Preliminary (Sections 1-3)
Compare GDPR
Certified Indian Data Protection Officer
Section 1
Short title and commencement
Section 2
Application of Act to processing of personal data
Section 3
Definitions

Chapter II
Obligations of Data Fiduciary (Sections 4-11)
Compare GDPR
Certified Indian DPO
Section 4
Prohibition of processing of personal data
Section 5
Limitation on purpose of processing of personal data
Section 6
Limitation on collection of personal data
Section 7
Requirement of notice for collection or processing of personal data
Section 8
Quality of personal data processed
Section 9
Restriction on retention of personal data
Section 10
Accountability of data fiduciary
Section 11
Consent necessary for processing of personal data
Chapter III
Grounds for processing personal data without consent (Sections 12-15)
Compare GDPR
Section 12
Grounds for processing of personal data without consent in certain cases
Section 13
Processing of personal data necessary for purposes related to employment, etc.
Section 14
Processing of personal data for other reasonable purposes
Section 15
Categorisation of personal data as sensitive personal data
Chapter IV
Personal data and sensitive personal data of children (Section 16)
Compare GDPR
Section 16
Processing of personal data and sensitive personal data of children
Chapter V
Rights of data principal (Sections 17-21)
Compare GDPR
Certified Indian DPO
Section 17
Right to confirmation and access
Section 18
Right to correction and erasure
Section 19
Right to data portability
Section 20
Right to be forgotten
Section 21
General conditions for the exercise of rights in this Chapter
Chapter VI
Transparency and accountability measures (Sections 22-32)
Compare GDPR
Section 22
Privacy by design policy
Section 23
Transparency in processing of personal data
Section 24
Security safeguards
Section 25
Reporting of personal data breach
Section 26
Classification of data fiduciaries as significant data fiduciaries
Section 27
Data protection impact assessment
Section 28
Maintenance of records
Section 29
Audit of policies and conduct of processing, etc.
Section 30
Data protection officer
Section 31
Processing by entities other than data fiduciaries
Section 32
Grievance redressal by data fiduciary
Chapter VII
Restriction on transfer of personal data outside India (Sections 33-34)
Compare GDPR
Section 33
Prohibition of processing of sensitive personal data and critical personal data outside India
Section 34
Conditions for transfer of sensitive personal data and critical personal data

Chapter VIII
Exemptions (Sections 35-40)
Compare GDPR
Certified Indian Data Protection Officer
Section 35
Power of Central Government to exempt any agency of Government from application of the Act
Section 36
Exemption of certain provisions for certain processing of personal data
Section 37
Power of Central Government to exempt certain data processors
Section 38
Exemption for research, archiving or statistical purposes
Section 39
Exemption for manual processing by small entities
Section 40
Sandbox for encouraging innovation, etc

Chapter IX
Data Protection Authority of India (Sections 41-56)
Compare GDPR
Certified DPO
Section 41
Establishment of Authority
Section 42
Composition and qualifications for appointment of Members
Section 43
Terms and conditions of appointment
Section 44
Removal of Chairperson or other Members
Section 45
Powers of Chairperson
Section 46
Meetings of Authority
Section 47
Vacancies, etc., not to invalidate proceedings of Authority
Section 48
Officers and other employees of Authority
Section 49
Powers and functions of Authority
Section 50
Codes of practice
Section 51
Power of Authority to issue directions
Section 52
Power of Authority to call for information
Section 53
Power of Authority to conduct inquiry
Section 54
Action to be taken by Authority pursuant to an inquiry
Section 55
Search and seizure
Section 56
Co-ordination between Authority and other regulators or authorities
Chapter X
Penalties and Compensation (Sections 57-66)
Compare GDPR
Certified Indian DPO
Section 57
Penalties for contravening certain provisions of the Act
Section 58
Penalty for failure to comply with data principal requests under Chapter V
Section 59
Penalty for failure to furnish report, returns, information, etc
Section 60
Penalty for failure to comply with direction or order issued by Authority
Section 61
Penalty for contravention where no separate penalty has been provided
Section 62
Appointment of Adjudicating Officer
Section 63
Procedure for adjudication by Adjudicating Officer
Section 64
Compensation
Section 65
Compensation or penalties not to interfere with other punishment
Section 66
Recovery of amounts

Chapter XI
Appellate Tribunal (Sections 67-77)
Compare GDPR
Certified Indian DPO
Section 67
Establishment of Appellate Tribunal
Section 68
Qualifications, appointment, term, conditions of service of Members
Section 69
Vacancies
Section 70
Staff of Appellate Tribunal
Section 71
Distribution of business amongst Benches
Section 72
Appeals to Appellate Tribunal
Section 73
Procedure and powers of Appellate Tribunal
Section 74
Orders passed by Appellate Tribunal to be executable as a decree
Section 75
Appeal to Supreme Court
Section 76
Right to legal representation
Section 77
Civil court not to have jurisdiction

Chapter XII
Finance, accounts and audit (Sections 78-81)
Compare GDPR
Certified Indian DPO
Section 78
Grants by Central Government
Section 79
Data Protection Authority of India Funds
Section 80
Accounts and Audit
Section 81
Furnishing of returns, etc., to Central Government

Chapter XIII
Offences (Sections 82-85)
Compare GDPR
Certified Indian Data Protection Officer
Section 82
Re-identification and processing of de-identified personal data
Section 83
Offences to be cognizable and non-bailable
Section 84
Offences by companies
Section 85
Offences by State
Chapter XIV
Miscellaneous (Sections 86-98)
Compare GDPR
Certified Indian DPO
Section 86
Power of Central Government to issue directions
Section 87
Members, etc., to be public servants
Section 88
Protection of action taken in good faith
Section 89
Exemption from tax on income
Section 90
Delegation
Section 91
Act to promote framing of policies for digital economy, etc
Section 92
Bar on processing certain forms of biometric data
Section 93
Power to make rules
Section 94
Power to make regulations
Section 95
Rules and regulations to be laid before Parliament
Section 96
Overriding effect of this Act
Section 97
Power to remove difficulties
Section 98
Amendment of Act 21 of 2000

author avatar
Privacy Professor

Professor mr drs Romeo F. Kadir MA MSc LLM LLM (Adv) EMBA EMoC

At present Romeo Kadir serves as the President of the Global Association of Data Protection Professionals Europe (GADPPRO). GADPPRO is a thought leader self-regulatory association of data protection professionals based in the European Union, active around the globe and the first European Association of data protection professionals open for members outside the EU. Please visit www.gadppro.org for more information.

First appointed Data Protection Officer (DPO) ever in the Netherlands (European Union) at a semi-public entity. Seasoned European Privacy and Data Protection Expert (22+ years of practical experience in EU Privacy and Data Protection Law, Business Management, Compliance and Ethics).

Studied European and International Law, Political Sciences and Business Administration. Romeo Kadir is EIPACC EADPP Professor European Privacy & Data Protection Law at Universitas Padjadjaran UNpad (Indonesia) and Honorary Visiting Research Fellow with O.P. Jindal Global University (New Delhi), Senior Associate Fellow with Vidhi Centre for Legal Policy (New Delhi), Lecturer Science Honours Academy and Lecturer at the International Molengraaff Institute, Utrecht University (UU, Netherlands). In 2010 he was founder of the first European Data Protection Academy focusing on privacy-only executive education.

Present Occupations in European Data Protection Law

Member of the International Bar Association (IBA)
Member of the International Board of Experts with EuroPrivacy Certification Scheme (Geneva and Luxembourg)
Member of the International Strategic Board with EuroPrivacy Certification Scheme (Geneva and Luxembourg)
Member of the Swiss-Chinese Law Association (SCLA)

Former Occupations in European Data Protection Law

President European Institute for Privacy, Audit, Compliance & Certification (EIPACC)
Co-Founder/Vice-President European Association for Data Protection Professionals (EADPP)
Chair EADPP Certification Committee Data Protection Professionals,
Chair EADPP Academic Board
Chair EADPP Expert Committee on Cybersecurity
Chair EADPP Expert Committee on Artificial Intelligence (AI)
President Supervisory Board of the Dutch Privacy Complaints Office (NPKI)
Rapporteur to UN Monitoring Commission Human Rights on behalf of the Dutch Privacy Foundation (SPN)

Publications

'Handbook DPO - A Practical Guide', Privacy Publishing Group (2017)
Editor-in-Chief of ‘Data Protection Dictionary’, authored, edited and coordinated ‘Handbook for the Data Protection Officer – A practical Guide’, ‘The Ultimate GDPR Business Guide – Six Volumes’ and other relevant books in the field of privacy and data protection (www.dataprotectionbooks.com)

www.romeokadir.eu

You may also like

Children Safety Encryption www.privacad.com
Apple’s New Step to Protect Child Abuse via Encryption Feature
20 August, 2021
DNA Technology and Privacy www.privacad.com
DNA Technology Regulation Bill and Violation of Privacy for Minority Groups
19 August, 2021
www.privacad.com
India accuses Twitter of not complying with new IT rules
18 August, 2021