India
a. on receipt of an intimation of personal data breach, to direct any urgent remedial or mitigation measures, and to inquire into such personal data breach and impose penalty. b. on a complaint made by a Data Principal in respect of a personal data breach or a breach in observance by a Data Fiduciary of its obligations or the exercise of rights by the Data Principal, or on a reference made to it by the Central Government or a State Government, or in compliance of the directions of any court, to inquire into such breach and impose penalty. c. on a complaint made by a Data Principal in respect of a breach in observance by a Consent Manager of its obligations in relation to their personal data, to inquire into such breach and impose penalty. d. on receipt of an intimation of breach of any condition of registration of a Consent Manager, to inquire into such breach and impose penalty. e. on a reference made by the Central Government in respect of the breach by an intermediary, to inquire into such breach and impose penalty. The Board may also direct the parties to attempt resolution of the dispute through mediation. Role, functions and powers of additional or ancillary data regulation authorities (if applicable) N/A
8 .3. Role, functions and powers of civil/criminal courts in the field of data regulation An appeal from an order of the Board will lie to the Telecom Disputes Settlement and Appellate Tribunal (which has been designated as the Appellate Board under the DPDPA) within a period of 60 days from the date of the order passed by the Board. The Appellate Tribunal has the power to either confirm, modify or set aside the order passed by the Board. The DPDPA mentions that the Appellate Board shall endeavour to dispose of the appeal within six months from the date on which the appeal is presented to it. An appeal from the order of the Appellate Board will lie before the Supreme Court of India. Consequences of non- compliance 9.1. Consequences and penalties for data breach The DPDPA prescribes that any breach on the part of the Data Fiduciary to take reasonable security safeguards to prevent personal data breach could result in damages to the tune of INR 250 crores (approx. 33 million USD). 9.2. Consequences and penalties for other violations and non- compliance The DPDPA also prescribes penalties for various other breaches of the provisions of the statute. These are listed as follows:
www.ahlawatassociates.com
Made with FlippingBook - PDF hosting