Adv. Puneet Bhasin
About the Speaker:
Puneet Bhasin is a pioneering figure in Indian Cyber Laws, acknowledged with the “Best Cyber Lawyer in India” title and five National Awards for her contributions. As an advisor to Rajya Sabha Committees, she has shaped Internet laws and offered expert insights on diverse fronts, from amending the Information Technology Act to cryptocurrency regulation. Her articles grace newspapers and online platforms, and she’s a familiar face on news channels. Her Cyberjure Academy has trained numerous professionals, while her expertise in areas like Blockchain, GDPR, AI, and digital healthcare laws, backed by a clientele of over 400 global entities, solidifies her position as a top Cyber Law expert.
Rights of Data Principal
Right to access information about personal data:
The data principal holds the right to receive specific information about their personal data.
Right to correction and erasure of personal data:
The data principal possesses the entitlement to rectify their personal data "in the manner directed by regulations.“
Right of grievance redressal:
Data principals hold the authority to raise their concerns with the data fiduciary.
Right to nominate:
The data principal has the right to nominate any other individual to exercise the above-mentioned rights under the Proposed Law in the event of the death of the data principal.
Duties of Data Principal
1. While exercising the rights established by the provisions of this Act, the data principal is obligated to adhere to the regulations of all relevant and currently enforced laws.
2. The data principal must make sure that they do not falsely represent themselves as someone else when furnishing their personal information for a particular purpose
3. The data principal is responsible for refraining from submitting misleading or trivial complaints or grievances to a data fiduciary or the Board.
4. While utilizing the right to correction or erasure as outlined in this Act or the associated regulations, the data principal is obliged to provide solely information that can be reliably verified as authentic.
• Data Fiduciary must make reasonable efforts to ensure the accuracy, completeness and consistency of data.
• Data Fiduciary must build reasonable security safeguards to prevent a data breach.
• Data Fiduciary must inform the Data Protection Board of India and affected persons in the event of a breach.
• Data Fiduciary must erase personal data as soon as the purpose has been met and retention is not necessary for legal purposes (storage limitation).
Certain data fiduciaries may be designated as significant data fiduciaries. Certain factors must be taken into regard such as:
(i) volume and sensitivity of personal data processed,
(ii) risks to the rights of data principals,
(iii) security of the state, and
(iv) public order.
These entities will have certain additional obligations including:
(i) Appointing a data protection officer, and
(ii) Conduct regular Data Protection Impact Assessments.
(iii) Engage an Independent data auditor to conduct a data audit.
1. Breach is observing the obligation of Data Fiduciary to take reasonable security safeguards to prevent personal data breach the penalty may extend to two hundred and fifty crore rupees.
2. Breach in observing the obligation to give the Board or affected Data Principal notice of personal data breach the penalty may extend to two hundred crore rupees.
3. Breach in observance of additional obligations in relation to children under law the penalty may extend to two hundred crore rupees.
4. Breach in observance of additional obligations of Significant Data Fiduciary under the law penalty may extend to one hundred and fifty crore rupees.
5. Breach is observance of the duties under law the penalty may extend to ten thousand rupees.
6. Breach of any other provision of this Act or the rules made there under . The penalty may extend to fifty crore rupees.
