Data Protection laws: Analysis of United Kingdom(EU GDPR) and Indian regime
Lakshay Parmar 20 Jan 2020

Data Protection laws: Analysis of United Kingdom(EU GDPR) and Indian regime

Data protection is the mechanism by which personal information is shielded from theft, misuse or failure. Data protection is becoming more relevant as the amount of data generated and processed continues to grow at unprecedented rates. A large part of a data protection strategy therefore ensures data can be restored quickly after any corruption or loss. The key components of data protection include protecting data from misuse and maintaining data privacy. The key principles of data protection are to safeguard and make available data under all circumstances.


Personal data is any information that applies to you, whether it involves your private, personal, or public life. In the online environment, where large amounts of personal data are exchanged and transmitted instantly around the globe, it is becoming increasingly difficult for people to keep control of their personal information. Data protection applies to the procedures, protections and contractual laws that are put in place to protect and ensure that you remain in control of your personal information. In short, you should be able to decide whether or not you want to share some information, who has access to it, for how long, why, and be able to alter some of that information, and more.


Data protection law in U.K and India

Data protection is a fundamental right within the European Union and the General Data Protection Regulation (GDPR) is the new framework for securing that right. It's has its own flaws but it's a very positive framework for users, allowing Europeans to take back control of their personal information. Even as the law is still being applied, it will come into force in May 2018, other countries look to the GDPR as they establish or introduce their own data protection regulations. The GDPR is considered to be a regulation which regulates how companies protect personal data of European citizens. The GDPR provisions apply to each Member State of the European Union, with the aim of creating more effective customer and personal data protection across EU nations. To put it simply, the GDPR requires a minimum set of standards for companies that handle data of EU citizens to better protect the collection and transfer of personal data from people. The Data Protection Act, 2018 is the enactment of the General Data Protection Regulation (GDPR) by Britain. Those responsible for using personal data must follow strict guidelines called ' principles of data protection’. They must ensure that the information is used legally and transparently.


India's data protection mechanism currently faces many challenges and resentments due to the lack of a proper legislative framework. India being the world's largest host of outsourced data processing could become the epicenter of cyber crimes, this is largely due to the lack of adequate legislation. The best solution will, however, come from good statutory regulations along with sufficient knowledge of the public and the employees. It is high time that, we in India have to pay attention towards data security.  In India there is no express legislation relating to data protection, although the Personal Data Protection Bill was introduced in 2006 but it is still waiting to see light till this day. This Bill follows a systematic model stating that it will regulate personal data collection, processing and distribution. It is important to note that the bill's applicability is limited to personal data as described in the 2nd clause of the Bill.

When we talk about Indian scenario, the Information Technology (IT) Act, 2000 which is also there and it governs the issues which relates to cyber crimes. Provision in the IT Act which deals with cyber crimes such as Section-43A which deals with compensation for damages caused by failure to maintain reasonable security practices to protect sensitive personal data.  Further, Data (Protection and Privacy) Bill was also introduced in the Parliament in 2017 proposing to bring privacy under ambit of legislation. This comes as a result of a verdict of the Hon’ble Supreme Court of India which declared Right to Privacy under Article-21 of the Indian Constitution.


Impact of GDPR on India

Data under this regulation does not only include personal information such as names, gender, e-mails but also the tracking of cookies and browser history and so on. The scope of GDPR is very wide as it applies to Indian companies which are present in European countries and even if not operating in an EU country but it processes personal data of residents of Europe. Indian companies who have potential to grow might not achieve the potential growth unless Indian legal framework meets GDPR protection standards. GDPR’s effect on Indian companies which comes under the scope of it might face heavy consequences as GDPR imposes heavy penalties (€20 million or 4% of global profit, whichever is higher) with respect to violation of its regulations.


Effects of GDPR on third party transaction

This regulation places equal liability on data controller (organizations that owns the data and determines the purpose for which it will be used) and data processor (who manage the data). GDPR states that if the third party is not in compliance with the regulations it will be assumed that the controller is also not in compliance for the same. Under GDPR, organizations who control the data are required to ensure that the third party, to which they are providing personal data, are in compliance and have adequate legal measures dealing with data protection. Article 28 of GDPR now mandates, “any company who are doing business in the EU will be responsible for all third parties processing personal data on their behalf”. This measure is taken because nearly 63% of the data breaches in 2018 were associated with third parties who were processing that data.




There are certain rights that GDPR contents that were present before its enforcement, these rights are:

·         Right to object: An individual can now make an objection regarding the processing of his personal data in certain circumstances

·         Right to erasure: Right to erase personal information in certain circumstances. For example- at the end of a contract.

A contract under GDPR will state that conduct of third parties that; they will act on your documented instructions; they won’t contract sub-processors without your prior approval; will return all personal data back at the end of the contract.


United Kingdom was diligent enough to constitute an act which is directly in line with the GDPR. The reason behind this was to have an express legislation relating to data security and protection. India is still to have the same in its legal regime as many bill were introduced but never transformed into an act, the Data (Protection and Privacy) Bill 2017 which was mostly in compliance with GDPR provisions was also left hanging. India requires a legal framework that meets both legal and public standards as prevalent in the jurisdictions from which data is shipped to India. In practical terms the biggest hurdle is for India to legally adjudicate and publicly view its domestic data protection law system as adequate. Not having adequate legislations regarding data protection will hinder the potential growth of the companies working in the respective industry. India sees itself as the location where such companies will be able to develop themselves. Thus, by creating a good data protection law India could extend far beyond being a mere service provider to multinational corporations around the world. In effect, it wants to set up India as a corporation.

Did you find this write up useful? YES 0 NO 0
New Members view all


C2RMTo Know More

Something Awesome Is In The Work









Sign-up and we will notify you of our launch.
We’ll also give some discount for your effort :)

* We won’t use your email for spam, just to notify you of our launch.

SAARTHTo Know More

Launching Soon : SAARTH, your complete client, case, practise & document management SAAS application with direct client chat feature.

If you want to know more give us a Call at :+91 98109 29455 or Mail