Employee Data Privacy

India - Cross-Border Data Transfer

 Download as a PDF

Are there any restrictions on transferring personal data and how can these be overcome?


Cross-border data transfer affects all organizations that engage online IT services, cloud-based services, remote access services and global HR databases.


Transferring sensitive personal information (SPI) inside and outside of India is allowed only when the entity receiving the SPI maintains the same level of protection required under the Data Protection Rules as the body corporate (i.e. the employer, in the context of HR) (Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules 2011).


In addition, SPI can only be transferred with the consent of the information provider (i.e. the data subject), unless the transfer is necessary for the company to perform its obligations under a contract with the information provider.


HR Best Practices: The use of applications in the cloud frequently results in the international transfer of employee data. Sensitive personal information should only be transferred inside and outside India when the same level of protection required under the Data Protection Rules is followed by the receiving entity and when you have the consent of the information provider (i.e. the employee) to process the SPI.


Led by PeopleDoc’s Chief Legal & Compliance Officer, the HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers, including the global law firm Morgan Lewis, to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where PeopleDoc’s customers have employees. HR Compliance Assist is a service exclusively available to PeopleDoc customers.

Share Your Feedback

Let's Talk