What are the penalties for non-compliance with any applicable data protection laws?
Data breaches and non-compliance with data privacy laws may lead to sanctions, fines, and penalties. The amounts are usually calculated according to the risk to which personal rights were exposed and the preventive measures taken by the data controllers, processors and sub-processors in relation to their respective roles in the chain of personal data processing.
When a corporate entity in India is negligent in implementing security practices and procedures and it results in a wrongful loss/gain to a person, then the corporation is required to pay damages to the affected individual(s). In addition, there are penalties for failing to provide and maintain information and documents required under the Information Technology Act:
- Failure to provide a document, return or report to the Controller could result in a penalty of up to INR 150,000 for each instance.
- Failure to file a return or provide books or other documents within the required timeframe could result in a liability of up to INR 5,000 for each day it’s delayed.
- Failure to maintain books or records creates a liability of up to INR 10,000 for each day the failure continues.
Non-compliance with India’s Data Protection Rules that doesn’t fall into one of these categories may still result in penalties under the IT Act, with the corporate entity liable for paying compensation of up to INR 25,000. Failure to respond to information requests or directions from the Indian Computer Emergency Response Team (CERT-In) can result in imprisonment for up to one year or a fine of up to INR 100,000.
There are also other penalties including fines and imprisonment for intentional acts and misrepresentation (such as suppressing facts from the Controller or Certifying Authority).
HR Best Practices: When processing personal data, ensure everyone is following the security and consent measures outlined in the Information Technology Act. In the event of a possible data breach, reach out to CERT-In as soon as possible and follow their instructions.
Led by PeopleDoc’s Chief Legal & Compliance Officer, the HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers, including the global law firm Morgan Lewis, to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where PeopleDoc’s customers have employees. HR Compliance Assist is a service exclusively available to PeopleDoc customers.