Data protection laws sometimes include conformity assessments, which help to ensure businesses follow regulations. Requirements can include registration before the Data Protection Authority and random audits.
India’s Information Technology Act, 2000 (IT Act) and Information Technology Rules, 2011 on Reasonable Security Practices and Procedures and Sensitive Personal Data or Information (“Privacy Rules”) do not include any registration requirements to process human resources related data. That said, India’s draft privacy Bill includes the potential for registration requirements for significant data fiduciaries in certain circumstances (i.e., those who are large controllers of personal data).
