17 November
2018

How STT GDC India Has Embraced India’s Data Protection Bill, 2018

2018 saw the introduction of India’s Data Protection Bill, helmed by the Justice Srikrishna Committee. The much-anticipated bill comes at a time when data security and privacy have raised burning questions around the globe, owing to the rise of ubiquitous internet data consumption, fluid global data exchanges and digitalisation. Until recently, privacy legislation in India, hitherto governed by the Sensitive Personal Data and Information Rules, 2011, covered data protection in broad strokes, but did precious little to prevent the exploitation of personal information. The Data Protection Bill, 2018 heralds the advent of a legal paradigm that pivots around individual consent in data sharing.

The Launch of the Data Protection Bill

The Data Protection Bill asserts privacy as a fundamental right and reserves the use and processing of data exclusively for the purpose for which it was intended. In turn, it shields users from having their private data shared without prior approval, by way of measures like privacy by design, notice, de-identification and encryption. Its territorial scope envelops not only domestic companies, but also those companies located overseas, trading goods and services in India. The bill advocates the institution of privacy checkpoints in companies’ data life cycles, from collection to disposal, and lays down steep penalties for non-compliance, with fines ranging up to Rs. 15 Crores, or 4% of a company’s total worldwide turnover. Organizations will be given a grace period of one year to parlay their existing data policies into the bill’s privacy guidelines.

The Data Economy of the Future

The bill draws several threads from the European Union General Data Protection Regulation (GDPR). In particular, it highlights the need for privacy by design, archiving of personal data on a server located in India, consent of a data principal before the processing and empowerment of personal data, implementation of appropriate security safeguards to protect personal data, and immediate notification to the Data Protection Authority (DPA) of any personal data breach. It also underscores the importance of limiting personal data collection to a minimum threshold. The bill has proposed the formation of certain authorities and tribunals – namely the Data Protection Authority of India (DPAI) and the Appellate Tribunal – to fast-track grievances and complaints and to shorten lead times. Although the bill will bring a slew of benefits that serve to mitigate the risks presented by digital proliferation, the internet’s indiscernible territorial boundaries will still leave room for privacy and data breaches.

STT GDC India Soars on the Winds of Change

The Data Protection Bill has ignited a perceptual paradigm shift for organizations in moving their point of storage and placing their trust in third-party data centre providers. This comes amidst an enhanced understanding amongst organizations, in light of the draft bill, that third-party providers can better safeguard security and privacy, and shield data from compliance breaches. Consequently, there has been a surge in enterprises choosing to colocate with data centre providers. As India’s leading data centre provider, STT GDC India’s colocation engine has nimbly scaled to accommodate the higher demand and comply with the regulations proposed by the draft bill. Its 8-city-wide and 15-data-centre-strong spread, state-of-the-art facilities, carrier neutrality, flexible solutions, operational excellence and distinguished track record of moving with the tide and times, have elevated it as a preferred choice for organizations. In addition, its industry-diverse portfolio – comprising banking and financial services companies, cloud service providers, carriers, IT and e-commerce companies – has given it a technical edge in the data centre services space.

The Metamorphosis of Organisations

As organizations align themselves to the guidelines of the Data Protection Bill, a growing corporate crusade towards the installation of sturdy internal privacy policies is gaining pace. Companies will be expected to take on a roster of new duties under the bill, including appointing a Data Protection Officer, conducting Data Protection Impact Assessments, record keeping, instituting specific policies and measures, maintaining transparency, conducting data audits and implementing mechanisms for grievance redressal.

The Data Protection Bill will set the stage for Indian organizations to operate on a level playing field with data-forward companies in other geographies, while seeking superlative security, policy control and a compliance framework from leading data centre operators like STT GDC India. As data protection is increasingly embraced and implemented in corporate circles, India is slowly earning a cachet as a ‘safe country’ and a preferred destination for data.