DPDP Bill
Comply with the DPDP bill and secure your business
The new law in India that regulates the personal data of your customers and partners
Navigating the complexities of the Payment Card Industry Data Security Standard (PCI DSS) can be daunting. Sanstark is here to assist. Our PCI DSS Compliance Services aim to secure your business transactions, protect your customers’ data, and keep your business fully compliant with PCI DSS requirements.
With Sanstark, you can confidently operate in the payment card industry, knowing that your organization is adhering to the highest standards of security.
Sanstark is a leading provider of PCI DSS Compliance Services. Our team of experienced cybersecurity professionals brings a deep understanding of the payment card industry’s regulations and requirements to your organization, providing guidance, advice, and solutions tailored to your unique needs.
We’re committed to ensuring your business complies with PCI DSS standards, guaranteeing secure payment environments and safeguarding your reputation.
Data Privacy in India: How the DPDP Bill Affects Businesses and Consumers
An overview of the data breach scenario in India, the key features and implications of the DPDP bill, and the role of Sanstark in helping businesses achieve data protection and privacy compliance.
- According to a report by cybersecurity company Surfshark, India ranked third in the world in terms of number of data breaches, with a total of 86.63 million Indian users breached till November 2021[1]. The report also showed that India had a 351.6 per cent increase in affected accounts compared to last year[1].
- Some of the biggest data breaches in India include the Air India data breach that leaked personal data of 4.5 million passengers worldwide[2], the CAT examination data breach that exposed the personal details and test results of 190,000 candidates[2], the Domino’s India data breach that revealed 180 million pizza orders and 1 million credit card records[2], and the Aadhaar data breach that compromised the personal information of 81.5 crore citizens[3].
- The Digital Personal Data Protection Bill 2023 (DPDP bill) is India’s new law aimed at regulating the collection, storage, and processing of personal data, based on the recommendation of the committee led by retired Justice B N Srikrishna[4]. The bill was introduced in Lok Sabha on August 3, 2023, by the Minister of Electronics & Information Technology, and was passed by the Parliament on August 11, 2023[5].
- The DPDP bill provides for the processing of digital personal data in a manner that recognizes both the rights of the individuals to protect their personal data and the need to process such data for lawful purposes and matters connected therewith or incidental thereto[4]. The bill defines “Data Principal” as the individual whose data is collected, “Data Fiduciary” as the entity controlling data processing, and acknowledges parents/guardians as “Data Principals” for children under 18[5].
- The DPDP bill outlines seven principles for data processing: usage of personal data must be lawful, fair, and transparent; personal data should be used only for its intended purposes; data minimization is emphasized; data accuracy during collection is crucial; personal data shouldn’t be stored indefinitely; limited storage duration is mandated; safeguards must prevent unauthorized data collection or processing; and accountability lies with the entity determining data processing purpose and means[5].
- The DPDP bill also establishes a Data Protection Board for enforcing compliance, and provides for penalties and remedies for data breaches and violations[5]. The bill offers exemptions for businesses based on user numbers and data volume, addressing concerns from startups about compliance burden[6]. The bill also permits cross-border data transfer to specified countries with strong data security measures, where the Indian government can access Indians’ data[5].
- The DPDP bill will have a significant impact on e-commerce businesses, as they collect and process large amounts of personal data from their customers and vendors[7]. The bill will require e-commerce businesses to obtain consent from their data principals, provide transparency and accountability on how they use and share their data, implement security safeguards to prevent data breaches, and comply with the data protection regulations and audits[7].
- The DPDP bill will also affect the digital advertising and marketing sector, as it relies on personal data for targeting and profiling audiences[8]. The bill will restrict the use of personal data for direct marketing purposes, unless the data principal has given explicit consent or has a pre-existing relationship with the data fiduciary[8]. The bill will also prohibit the use of personal data put out in the public domain, which will impact the operation of search engines and AI chatbots in the country[9].
- The DPDP bill will have implications for other sectors as well, such as healthcare, education, banking, and telecom, as they deal with sensitive personal data that requires higher standards of protection and consent[10]. The bill will also affect the data processing activities of the government and its agencies, as they are exempted from certain provisions of the bill, raising concerns about the potential misuse of personal data for surveillance and national security purposes[4].
Avoid the penalties of the DPDP bill with Sanstark
How Sanstark can help you comply with the new data protection law in India and secure your personal data
The DPDP bill is a new law in India that regulates the processing of digital personal data and imposes penalties for non-compliance. According to the web search results, some of the penalties for non-compliance are:
- A penalty of up to INR 10,000 for any breach of duty by the data principal or the data fiduciary[1].
- A penalty of up to INR 250 crores or 4% of the annual turnover of the data fiduciary, whichever is higher, for violating the provisions of the DPDP bill, such as failing to take reasonable security safeguards, obtaining consent, or complying with the directions of the Data Protection Board of India[1][2][3].
- A penalty of up to INR 200 crores or 2% of the annual turnover of the data fiduciary, whichever is higher, for failing to report a personal data breach to every affected data principal[4].
- An additional penalty of up to INR 150 crores for failing to implement additional measures as a Significant Data Fiduciary, such as conducting data protection impact assessments, appointing data protection officers, or maintaining records of processing activities[5].
These penalties are subject to change as the DPDP bill is still under consideration by the Parliament of India.
Sanstark can help you avoid these penalties by providing you with cyber security services and solutions that comply with the DPDP bill. Sanstark can help you:
- Assess your current level of compliance with the DPDP bill and identify the gaps and risks in your data processing activities.
- Implement the necessary information security controls and safeguards to protect your personal data from unauthorized access, use, disclosure, modification, or destruction.
- Monitor and audit your data processing activities and ensure that they are aligned with the consent, rights, and preferences of the data principals.
- Respond to and mitigate any personal data breaches and notify the affected data principals and the Data Protection Board of India as required by the DPDP bill.
- Train and educate your staff and stakeholders on the best practices and regulations of the DPDP bill and foster a culture of data protection in your organization.
How Sanstark can help you comply with the DPDP bill
A comprehensive guide to achieving data protection and privacy compliance with Sanstark’s information security solutions
The Data Protection and Privacy (DPDP) bill is a proposed legislation in India that aims to protect the personal data of individuals and regulate the processing of such data by entities. The DPDP bill imposes various obligations and responsibilities on data fiduciaries and data processors, such as obtaining consent, ensuring data quality, implementing security safeguards, notifying data breaches, and complying with data audits.
Sanstark is a leading provider of information security solutions that can help you comply with the DPDP bill in your business or organization. Sanstark can assist you in the following ways:
- Sanstark can provide tailored information security controls according to your risk factors and attack vectors, such as encryption, authentication, access control, backup, firewall, antivirus, and more. Sanstark can help you design, implement, and maintain these controls to ensure the confidentiality, integrity, and availability of your data.
- Sanstark can help you meet the requirements and regulations of the DPDP bill, such as data minimization, purpose limitation, storage limitation, data portability, data erasure, and more. Sanstark can help you develop and update your data protection policies, procedures, and practices to align with the DPDP bill.
- Sanstark can also help you with security audits, gap analysis, remediation, and certification related to the DPDP bill. Sanstark can help you assess your current level of compliance, identify and address any gaps or weaknesses, and provide evidence and documentation to demonstrate your compliance. Sanstark can also help you obtain and maintain relevant certifications, such as ISO 27001, PCI DSS, HIPAA, and more.
With Sanstark, you can achieve data protection and privacy compliance with the DPDP bill in a cost-effective, efficient, and reliable manner. Contact us today to find out how we can help you.