Employee Data Privacy

India - Employee Access Rights

 Download as a PDF

Do individuals have the right to access their personal information?


Data protective jurisdictions tend to guarantee the right of individuals to contact an organization directly and find out whether personal data is being tracked. Access procedures and acceptable exceptions (such as business secrecy) are determined by law and may be subject to the control of data protection authorities. In the context of HR, personal data access requests can include information tracked by the company as well as data tracked by third-party solutions, such as background check vendors.


In India, under the Information Technology Rules, 2011 on Reasonable Security Practices and Procedures and Sensitive Personal Data or Information (“Privacy Rules”), employers (and other data controllers) must allow data subjects to review, correct and amend their sensitive personal data or information (SPDI). In addition, if SPDI is being processed, individuals retain the right to withdraw consent at any time.

That said, note that if the parties agree on what constitutes reasonable security practices/procedures, the parties can agree to exclude the applicability of the Privacy Rules, including the applicability of rights granted to the data subject.


UKG's HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where UKG's customers have employees. HR Compliance Assist is a service exclusively available to UKG customers.

Share Your Feedback

Let's Talk