Author: | Published: 17 Oct 2018

Q: should India implement a GDPR-like data protection law?


Rabindra Jhunjhunwala, partner at Khaitan & Co.

Since 2000, India has seen exponential growth in the IT enabled services industry and in business processing outsourcing. The country's current data privacy and protection legal regime lacks a dedicated law and an exclusive regulator. Data privacy and protection is governed primarily through sections 43A and 72A of the Information Technology Act, 2000 (IT Act), along with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules) under section 43A of the IT Act.

Enforcement under the current legal regime has been dismal. Recently, the Supreme Court recognised privacy as a fundamental right under article 21 of the Indian Constitution, and also directed the government to bring out an exclusive law on data privacy. With the Cambridge Analytica debacle and the Supreme Court's directions as...



close Register today to read IFLR's global coverage

Get unlimited access to IFLR.com for 7 days*, including the latest regulatory developments in the global financial sector, updated daily.

  • Deal Analysis
  • Expert Opinion
  • Best Practice


*all IFLR's global coverage published in the last 3 months.

Read IFLR's global coverage whenever and wherever you want for 7 days with IFLR mobile app for iPad and iPhone

"The format of the Review has changed over the years; the high quality of its substantive content has not."
Lee C Buchheit, Cleary Gottlieb