Data protection is important for certain sectors like the banking industry, the finance industry, and the healthcare industry. Recently the data protection bill passed for the year 2018 says the following guidelines for the sensitive data protection. The personal data of Indian citizen should be saved in a server located in India. The definition of the personal data should be defined by the government and the law imposes the transparency and accountability of the data.
The DPA fix the criteria for the data protection after reviewing some of the information like the volume of the personal data, the degree of sensitivity in the data as per the information from the authority, turnover from the data, use of the technologies over the data, and other data which cause harm to the personal data.
Data flow and Data localization
Google CEO Sundar Pichai also said that the “data flows encourage the startup companies to get the global presence and the global companies to participate in the Indian digital economy”. Many big companies and small companies support the data flow and the data localization.
Data war in different industries
As a part of the initiative to welcome the new law, Microsoft India launched the free online course to give detailed information regarding the data compliance and basics of GDPR. Even the banking and insurance industries are moving to the blockchain to support the data localization and data flow in India.
Principles to be followed for the personal data
- As per the data protection Act, the common data like names, addresses, e-mails, telephone numbers, bank and credit card details, and health information are sensitive data which has to be protected.
- The data should be used in specific ways.
- The sensitive data are used only for a specific period of time.
- The personal data are used in relevant ways.
- These sensitive data are kept safe with the required security measures.
- The stored information as personal data should be relevant.
- There should be openness in the personal data.
- Personal data should be collected with a purpose. The data is collected for specific reasons and to take up specific functions.
- The personal data should be adequate in numbers.
- The data protection rule is applicable to all the businesses dealing with the personal data.
- The corporate body collects the personal data only for the lawful function and the collected information is shared with the government agencies for security purposes.
- The government agencies should not share the information received to any unknown person.
- The personal data and the biometric data collected from the individuals are maintained by the government agencies.