Bilateral relations between India and the European Union are strengthening, and in this data-driven era it is imperative for one to know data policies of their nation as well as the trade partners of their country. Below is the comparison between data policies of India and EU
India recently introduced its data protection law, an important step in managing data in the growing digital world. This law sets out rules for handling data, outlining the rights and responsibilities of digital citizens and data custodians. It focuses on using data ethically and legally in the digital economy.
India’s Digital Personal Data Protection Act (DPDPA) was enacted five years after the European Union’s General Data Protection Regulation (GDPR). With businesses operating across borders and using global data, it’s essential to compare the GDPR with the DPDPA. We’re particularly looking at how these regulations affect ‘service providers,’ who handle personal data. Although the DPDPA and GDPR share some core principles, they differ in various ways. One similarity is that both regulations apply beyond their territories.
The GDPR is for service providers outside the EU handling personal data of EU users. This includes offering goods or services or tracking user behaviour within the EU. Similarly, the DPDPA covers personal data handled outside India if it’s related to offering goods or services to Indian users.
Both the DPDPA and the GDPR require service providers to follow certain rules. This includes conducting a Data Protection Impact Assessment (DPIA) to manage risks linked to personal data and appointing a Data Protection Officer (DPO) for compliance. They must also protect personal data by using appropriate measures. For instance, they should delete data when a user withdraws consent and ensure the accuracy of the data they handle.
Point Of Divergence
One major difference is the obligations imposed on data processors, like software providers collecting customer data for e-commerce companies. The DPDPA doesn’t specify duties for data processors, putting the responsibility on service providers. However, the GDPR places clear obligations on data processors, like helping service providers during a data breach or ensuring compliance with the regulation.
To make things easier for global digital businesses, it’s crucial to harmonise these differing regulations. India has some flexibility as it’s yet to set rules for certain aspects under the DPDPA, such as reporting data breaches or procedures for erasing personal data upon user request.
With the DPDPA aligning with the GDPR, a new standard in global data protection emerges. Companies dealing with GDPR have an advantage in adjusting to the DPDPA. Understanding the differences between these regulations is vital to follow India’s rules smoothly.