Data Protection Policy For Companies In India
With the Digital Personal Data Protection Act,2023 in place in India, data protection regime is all set to begin and therefore, companies should work out their own Data Protection Policies so as to avoid the unforeseen liabilities.
Some suggestions to be included in Data Protection Policy for your Business Organisations in India:
- Your organisation’s general approach to data protection of Data Principal
- How you will ensure that lawful processing is carried out in line with specified consent of Data Principal
- How the principle of data minimisation is to be met for Personal data
- Responsibility of data protection and responsibility for Storage of Data at the first place
- Role of the Data Protection Officer to protect the rightful usage of Personal Data
- How data processing practices are reviewed and accountability is maintained
- How your organisation demonstrates its accountability by maintaining Data Processing Records
- How the rights of Data Principals are protected
- Technical and organisational measures to ensure systems security of Digital Office
- How staff will be trained and supervised in handling Personal Data
- Where data processors are to be used and how they are selected
- How Consent Managers will be working
- Role and duties being carried out in the capacity of Data Fiduciary or Significant Data Fiduciary
- How the Data Protection and Privacy policies are made applicable to external agencies, external consultants, contractors, etc.,
- Obligations of staff to integrity and confidentiality of Data Principal
- Marketing and ePrivacy matters are dealt and documented
- Good practice and practical steps for staff to follow (e.g. what to do when sending bulk emails)
- Stringent Policies for using Child data wherever applicable.
The penalty being very harsh, every Company in India should focus for having a robust Data Protection Policy and implement a system to implement the same.
To know more about the issues discussed above, You may please connect with dataprivacy@amlegals.com or mridusha.guha@amlegals.com.