Nirav Goti
Dec 30, 2022
Data Principal (DP) = Individual whose Personal Data it is. (Globally, the term used is ‘Data Subject’).
Data Fiduciary (DF) = The Organization that determines the purpose and means of processing. (Globally, the term used is ‘Data Controller’).
Data Principals would have the following four rights they can invoke with a Data Fiduciary:
Duties for a DP: (this is new!)
Essentially, the DP has a duty to ensure nothing false or fraudulent is shared. A penalty of up to 10K is also proposed for any transgressions here.
Breaches to be notified to:
A Data Fiduciary needs to
The Bill has not spelt out exactly who would come under the SDF category. It only lists the factors that would be used to determine who comes under this category, and leaves it to the government to notify later. The surmise is that essentially anyone doing Data Processing that can be risky would come under this umbrella.
Government will whitelist countries/territories where Personal Data transfer is allowed. (this is new!)
Certain Data Fiduciaries, based on the volume and nature of Personal Data processed, would be exempt from certain clauses. However, the basic principles of sticking to processing data only for the purposes the Data Principal has consented to will apply without exception.
Over and above the penalties indicated earlier in this note,
Nirav Goti, Co-Founder & COO at Certbar, leads R&D and delivery. With 7+ years in ethical hacking, he chairs SGCCI’s cybersecurity committee. A seasoned speaker, Nirav graduated in Computer Science, specializing in wireless communication, networking, and information security. Former roles include Professional Service Manager at HulkApps, Inc.