The Importance of Privacy Rights: Mandatory for Businesses of All Sizes under GDPR and Indian Privacy Laws

-

 

By Sandigdha Mishra, Adv.

Legal Consultant, School Compliance, Child Protectionist, Life Coach
advocate.sandigdhamishra@gmail.com
https://www.linkedin.com/in/sandigdhamishra/

Introduction

Privacy rights are fundamental rights that individuals possess to protect their personal information from unauthorised access and use. With the advent of digital technologies and the widespread collection and processing of personal data, safeguarding privacy has become a critical concern. This article examines the significance of privacy rights for businesses of all sizes, focusing on the requirements imposed by the General Data Protection Regulation (GDPR) in the European Union and the privacy laws of India.




Personal DataSection 43A of the IT Act define “Personal information” to mean any information that relates to a natural person, which can be used, either directly or indirectly with some other information for identifying such person i.e. “Personally Identifiable Information”.

Under GDPR, Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.

Privacy Rights- It means, whoever possesses, deals or handles any “sensitive personal data” or information should maintain reasonable security practices and procedures relating to such data.

The GDPR has a chapter on the rights of data subjects (individuals) which includes the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object and the right not to be subject to a decision based solely on automated processing.

Right to Privacy was a fundamental right under Article 21 of the Constitution of India. Right to Privacy included the right to be left alone, the right to be free from unwanted publicity, and the right to lead a peaceful and dignified life.

Privacy Right as per GDPR:

The GDPR, implemented in May 2018, revolutionised privacy regulation in the European Union (EU). It applies not only to EU-based businesses but also to organisations worldwide that process personal data of EU residents. Key aspects of GDPR that underline the mandatory nature of privacy rights include:

a. Lawful basis for data processing: GDPR mandates that businesses must have a valid legal basis for processing personal data, such as obtaining consent or fulfilling contractual obligations.

b. Data subject rights: GDPR grants individuals several rights, including the right to access their data, rectify inaccuracies, erase data in certain circumstances, and object to processing. Businesses must respect these rights and provide mechanisms to facilitate their exercise.

c. Data protection measures: GDPR requires businesses to implement appropriate technical and organisational measures to protect personal data from unauthorised access, disclosure, alteration, or destruction.

d. Accountability and transparency: GDPR emphasises accountability by requiring businesses to maintain records of data processing activities, conduct privacy impact assessments, and appoint data protection officers in certain cases. Transparent information practices and clear privacy policies are also essential elements.

Privacy Laws in India: Ensuring Data Protection and Privacy Rights

India has recognized the importance of privacy rights through its privacy laws, most notably the Personal Data Protection Bill (PDPB), 2022, which is currently under review. The PDPB draws inspiration from international standards, including GDPR, and aims to safeguard personal data in India. Key aspects of privacy rights under the Indian legal framework include:

a. Consent and purpose limitation: Indian privacy laws emphasise the need for informed and voluntary consent for the processing of personal data. Businesses must ensure that data is collected only for specified, explicit, and legitimate purposes.

b. Individual rights: The PDPB grants individuals rights to access, correct, erase, and port their personal data. Businesses are required to establish mechanisms for individuals to exercise these rights effectively.

c. Data localisation: The PDPB proposes the concept of data localisation, mandating certain categories of sensitive personal data to be stored and processed within Indian borders. This provision enhances data protection and reinforces privacy rights.

d. Data protection authority: The PDPB establishes a Data Protection Authority (DPA) to oversee compliance with privacy laws, handle complaints, and impose penalties for violations. This authority ensures accountability and enforcement of privacy rights.

Conclusion

The protection of privacy rights is not an optional consideration but a mandatory aspect for businesses of all sizes. Compliance with the GDPR and privacy laws in India is essential to respect individuals' privacy, build trust with customers and employees, and avoid legal repercussions. By prioritising privacy, businesses can enhance their reputation, improve customer and employee confidence, and demonstrate responsible data handling practices.

Regardless of the size of a business, it must establish robust data protection measures, obtain lawful consent, honour individual rights, maintain transparency, and ensure accountability. Understanding and complying with the GDPR and Indian privacy laws empower businesses to navigate the evolving landscape of privacy rights successfully.

By embracing privacy as a fundamental and mandatory requirement, businesses can not only thrive in a data-driven world but also contribute to a society that values and respects individuals' privacy rights.


Thank you!

"Be Aware"

Disclaimer: The materials provided herein are solely for information purposes. No attorney-client relationship is created when you access or use the site or the materials. The information presented on this site does not constitute legal or professional advice. It should not be relied upon for such purposes or used as a substitute for legal advice from an attorney licensed in your state.




Comments

Post a Comment

Popular posts from this blog

Navigating the Digital Era: Safeguarding Children's Digital Footprints Amid Global Challenges

-
Image
By Sandigdha Mishra, Adv. Legal Counsel and Life Coach advocate.sandigdhamishra@gmail.com.   Introduction:   In today's dynamic digital landscape, children are immersed in an interconnected world where information knows no bounds, transcending geographical borders, religious doctrines, and political ideologies. While the digital realm offers unparalleled opportunities for learning and connectivity, the ease with which information flows raises legitimate concerns about the security of children's digital footprints. Against the backdrop of current global challenges, safeguarding the online experiences of the younger generation becomes paramount. The need to balance the expansive possibilities of the digital era with a vigilant eye on the protection of children's privacy and security is evident, calling for collaborative efforts from parents, educators, policymakers, and technology stakeholders to ensure a safe and enriching online environment for children to explore and learn
Read more

Stamp Paper and Validity

-
Image
Does Stamp Paper Expire? Ans: No, However section 54 of Indian Stamp Act states that the Stamp Paper is valid for only 6 month for any execution. This means Stamp Paper never Expires but it can't be used for execution after 6 month of the period from the date of its purchase. So what do you do with such Stamp Paper? Ans: If you don't have a use of such Stamp Paper within 6 month of its purchase then you may return the Stamp Paper and deposit back to the Collector. Such Stamp Paper shall not be spoilt, rendered unfit or useless while returning the same. Your money will be refunded after deduction of 10%. Who is the Collector of Stamp? Ans:  Deputy Commissioners, SDOs(C) and District Revenue Officers  are declared as Collectors under Section 47-A of the Indian Stamp Act, 1899. *Note: You can only use the Stamp paper for the same purpose for which you have purchased it as the Stamp vendor makes an entry of the purpose in the record.
Read more

Summary Suit and Ordinary Suit

-
Image
SUMMARY SUIT AND ORDINARY SUIT UNDER THE CIVIL PROCEDURE CODE By Sandigdha Mishra, Advocate advsandigdha@paydirtprofessionals.com A suit is a civil proceeding that has been instituted when on presenting a plaint as per Section 26(1)Civil Procedure Code.  So first, a plaint has to be prepared then the appropriate place for suing has to be chosen and thereafter, the plaint has to be presented. Section 26(2) of the Code of Civil Procedure says that the facts in each plaint have to be proved by affidavit. Now, what is a summary suit as well as an ordinary suit? Summary Suit Summary suit means a certain legal process is followed so as to enforce right effectively wherein the court delivers judgment and defence is not heard. So, this is process is done in specific cases in a restricted manner and when the defence does not have proper or reasonable ground. In the Code of Civil Procedure, Order XXXVII speaks about the summary procedure that has to be followed for recovery of money
Read more