Identify and Map All Your Data
Find and inventory your sensitive information for a clear, comprehensive view of all the data you store and maintain — not just the data you know about.
The Personal Data Protection Bill (PDPB) aims to align India’s data protection regime with the EU’s General Data Protection Regulation (GDPR).
PDPB’s scope is broader than GDPR’s. The India law regulates the processing of personal data by the state, any citizen of India, or any person or body incorporated or created under Indian law.
An entity may fall within scope merely by processing personal data in India — even through the use of a processor in India.
Under PDPB, data principles receive certain rights similar to those covered by GDPR and CCPA. These data rights include:
Companies need to ensure data rights access fulfillment — and automate manual processes for individual requests.
PDPB includes restrictions around data minimization, in which personal data must be “collected only to the extent that is necessary for the purposes of processing of such personal data.”
The law also calls for specific storage limitations and requires deletion of data unless retention is required by law or consent for retention is obtained.
PDPB’s strict retention requirements create the need to set internal data retention policies that companies can act on swiftly — while also being able to identify duplicate and redundant data.
In addition to personal data and sensitive personal data, PDPB introduces the category of “critical personal data” and creates new definitions for “data fiduciaries” — similar to data controllers — and “data principles,” similar to data subjects.
Companies must contextualize data with identity profiling and indexing that covers all types of sensitive data across the enterprise
Penalties under both GDPR and PDPB are similar, with fines of up to 4% of a company’s global annual revenue. PDPB also includes criminal penalties of up to three years of imprisonment and a $3,000 fine.
Organizations must be able to report on whose data they have, enable correction workflows, effectively de-identify data, and more.
Find and inventory your sensitive information for a clear, comprehensive view of all the data you store and maintain — not just the data you know about.
Track data access, usage, and transfer violations across the organization for immediate action — and apply controls for breach risk reduction.
Minimize duplicate, similar, and redundant data; fix data quality issues; and automate workflows based on retention timelines.
Ensure that data is being processed in accordance with the new legal bases established by PDPB to achieve compliance.
Discover all sensitive and regulated information that falls under PDPB — wherever it’s stored across the enterprise.
Take an ML-based approach to automatically classify, tag, and discover relationships among high-risk, regulated data.
Apply data retention rules based on a disclosed purpose, define custom policies, and apply them consistently across all data types and data sources.
Remediate personal, sensitive, and critical data regulated by PDPB — and manage high-risk data with remediation workflows and audit trails.
Get a custom demo with our data experts in privacy, protection, and perspective – and see BigID in action.