PDPB Compliance

Safeguard the sensitive data of Indian residents — and track cross-border data flows

India’s Personal Data Protection Bill (PDPB)

The Personal Data Protection Bill (PDPB) aims to align India’s data protection regime with the EU’s General Data Protection Regulation (GDPR).

PDPB’s scope is broader than GDPR’s. The Indian law regulates the processing of personal data by the state, any citizen of India, or any person or body incorporated or created under Indian law.

An entity may fall within scope merely by processing personal data in India — even through the use of a processor in India.

Challenges to PDPB Compliance

– expanded definitions of personal data, sensitive personal data, and critical personal data
– new legal bases for processing data
– stricter deletion and remediation requirements
– protections on the cross-border flow of data
– the creation of a new regulating body, the Data Protection Authority (DPA)

Companies need to be able to effectively classify and tag all their high-risk and sensitive data to ensure its protection.

Fulfill Data Access Requests

Under PDPB, data principals receive certain rights similar to those covered by GDPR and CCPA. These data rights include:

– the right to access data
– the right to correction
– the right to data portability
– the right to erasure
– the right to be forgotten

Companies need to ensure that data rights requests are fulfilled — and automate manual processes for individual requests.

Data Minimization and Retention

PDPB includes restrictions around data minimization, in which personal data must be “collected only to the extent that is necessary for the purposes of processing of such personal data.”

The law also calls for specific storage limitations and requires deletion of data unless retention is required by law or consent for retention is obtained.

PDPB’s strict retention requirements create the need to set internal data retention policies that companies can act on swiftly — while also being able to identify duplicate and redundant data.

New Terminology Under PDPB

In addition to personal data and sensitive personal data, PDPB introduces the category of “critical personal data” and creates new definitions for “data fiduciaries” — similar to data controllers — and “data principals,” similar to data subjects.

Companies must contextualize data with identity profiling and indexing that covers all types of sensitive data across the enterprise.

Penalties and Enforcement

Penalties under both GDPR and PDPB are similar, with fines of up to 4% of a company’s global annual revenue. PDPB also includes criminal penalties of up to three years of imprisonment and a $3,000 fine.

Organizations must be able to report on whose data they have, enable correction workflows, effectively de-identify data, and more.

How BigID Helps with PDPB Compliance

  • Identify and Map All Your Data

    Find and inventory your sensitive information for a clear, comprehensive view of all the data you store and maintain — not just the data you know about.

  • Detect Cross-Border Data Transfers

    Track data access, usage, and transfer violations across the organization for immediate action — and apply controls for breach risk reduction.

  • Clean Up Your Data

    Minimize duplicate, similar, and redundant data; fix data quality issues; and automate workflows based on retention timelines.

  • Tag Data for Legal Purposes

    Ensure that data is being processed in accordance with the new legal bases established by PDPB to achieve compliance.

BigID for PDPB Compliance

  • Discovery-in-Depth

    Discover all sensitive and regulated information that falls under PDPB — wherever it’s stored across the enterprise.

  • Next-Gen Classification & Correlation

    Take an ML-based approach to automatically classify, tag, and discover relationships among high-risk, regulated data.

  • Data Retention App

    Apply data retention rules based on a disclosed purpose, define custom policies, and apply them consistently across all data types and data sources.

  • Data Remediation App

    Remediate personal, sensitive, and critical data regulated by PDPB — and manage high-risk data with remediation workflows and audit trails.
