Data Protection Bill Proposes Penalty Of Up To Rs 500 Cr For Non-compliance

The government has put forth the proposal of up to Rs 500 crore for non-compliance of provisions under the draft ‘Digital Personal Data Protection Bill 2022’.

In the previous iteration of the draft personal data protection bill (2019), the penalty was Rs 15 crore/ 4 per cent of the global turnover of the offending entity.

On Friday, the government unveiled the draft of highly awaited Data Protection Bill and invited comments on the same.

While Rs 500 crore is the top ceiling for the penalty, it will be decided based on various factors including the nature, gravity and duration of the non-compliance; the type and nature of the personal data affected by the noncompliance; repetitive nature of the non-compliance or whether the person, as a result of the non-compliance, has realized a gain or avoided any loss and more.

The draft also announced that the Central Government will be establishing a Board to be called the Data Protection Board of India. This body will be in-charge of the allocation of work, receipt of complaints, formation of groups for hearing and pronouncement of decisions.

"If the Board determines at the conclusion of an inquiry that noncompliance by a person is significant, it may, after giving the person a reasonable opportunity of being heard, impose such a financial penalty as specified in Schedule 1, not exceeding rupees five hundred crore in each instance," the draft noted.

The draft also proposes a penalty of up to Rs 250 crore if a data fiduciary or data processor fails to have safeguards to prevent personal data breach.