For violating the rules set forth in the draft Digital Personal Data Protection Bill 2022, which was released on Friday, the government increased the fine amount to up to Rs 500 crore.
An organization might be fined Rs 15 crore, which is equal to 4% of its annual global revenue, according to the 2019 draft personal data protection bill.
In line with the requirements of the bill, the draft calls for the creation of an Indian Data Protection Board.
The draft read, “If the Board deems at the completion of an inquiry that noncompliance by a person is serious, it may, after providing the individual a sufficient opportunity to be heard, impose such a financial penalty as provided in Schedule 1, not exceeding Rs.”
A system of graduated penalties has been proposed in the draft for data fiduciaries who handle data owners’ personal information solely in line with the Act’s rules.
The Data Fiduciary’s agent who processes data will be known as the Data Fiduciary, and the same set of sanctions will apply to that agent.
The draft suggests a fine of up to Rs 250 crore for any data fiduciary or data processor who neglects to take reasonable precautions to prevent the unauthorized access to or disclosure of any personal data in their possession or under their control.
Until December 17, public comments on the draft are welcome.