India's Proposed Data Protection Bill: Compliance IssuesPolicy Expert Rahul Sharma on Setting Priorities
If India's proposed data protection bill is enacted into law, Indian organizations that must also comply with the EU's General Data Protection Regulation would have to focus, first and foremost, on compliance with India's new law, says Rahul Sharma, founder of The Perspective, a consultancy that focuses on cyber policy.
"An Indian data protection bill will be the law of the land. All other laws are only transferring obligations from a contractual viewpoint. So this [proposed bill] ... would always get precedence over any other law," Sharma says in an interview with Information Security Media Group.
The draft legislation includes a long list of sensitive personal information that must be protected, which could prove impractical, Sharma says. "The committee has included caste and religious beliefs as sensitive data," he points out. "It will be interesting to see how organizations are required to protect this information because it is the names of individual itself that reveals the details of caste and religion. I'm not sure how organizations are going to protect processing of this information."
In this interview (see audio link below photo), Sharma also discusses:
- The various criteria for sensitive personal information;
- How the proposed bill would affect cross border data flow;
- His observations about where the bill misses the mark.
Sharma is the founder of The Perspective, a consultancy specializing in data policy and privacy. He has more than a decade of experience working in technology, public policy, cybersecurity and privacy space. He is also country leader-India for the International Association of Privacy Professionals.