GDPR compliant firms should find it easy to adhere to draft Personal Data Protection Bill in India
In step to protect data and
There’s been much ado about its impact on the digital Indian economy. And the fact of the matter is that the Srikrishna committee’s proposal is essentially a diluted version of the General Data Protection Regulation (
That may not be the best news for users in terms of privacy and its implementation, but if firms have already started to become GDPR compliant, then the Data Protection Bill shouldn’t require many changes for them to adhere to, at least for Indian firms.
Even international companies, which deal with the data of European users, have already separated how they deal with data coming in from the EU.
The guidelines for the restrictions on the volume of data collected, how it is stored, the purpose of data collection, limitation on the use of personal data and notifications for data breaches are all subsets of what has already been put forth by the GDPR.
The cost of compliance is the major hurdle that firms, especially startups, will have to overcome. But experts point out that, provided a Privacy Impact Assessment (PIA) is carried out to analyse how data moves in and out of the organisation, future compliance costs can be avoided. However, the PIA in itself is an added cost.
Currently, privacy policies are generic, shorter in length and not available in local languages. The bill has put forward penalties ranging from ₹5-15 crores depending on the severity of non-compliance.