Govt proposes penalty of up to Rs.500 cr for data breach under Data Protection Bill
The draft personal data protection bill in 2019 proposed a penalty of Rs.15 crore or 4 per cent of the global turnover of an entity
The government has raised the penalty amount to up to Rs.500 crore for violating the provisions proposed under the draft Digital Personal Data Protection Bill 2022 issued on Friday.
The draft personal data protection bill in 2019 proposed a penalty of Rs.15 crore or 4 per cent of the global turnover of an entity.
The draft proposes to set up a Data Protection Board of India, which will carry on functions as per the provisions of the bill.
"If the Board determines at the conclusion of an inquiry that noncompliance by a person is significant, it may, after giving the person a reasonable opportunity of being heard, impose such a financial penalty as specified in Schedule 1, not exceeding rupees five hundred crore in each instance," the draft said.
The draft has proposed a graded penalty system for data fiduciary that will process the personal data of data owners only in accordance with the provisions of the Act.
The same set of penalties will be applicable to the Data processor - which will be an entity that will process data on behalf of the Data Fiduciary.
The draft proposes a penalty of up to Rs.250 crore in case the Data Fiduciary or Data Processor fails to protect against personal data breaches in its possession or under its control.
The draft is open for public comment till December 17.