India's new data protection law is in the works and companies will only have to pay $2 million for violations

India's new data protection laws will be tabled in Parliament during the current winter sessionUnsplash

  • India’s Personal Data Protection Bill has been given a green light to be tabled at Parliament during the current winter session.
  • The bill is expected to propose fines of up to ₹15 crore or 4% of a company’s global annual turnover for major violations.
  • The fine is a mere fraction of the punishment imposed by the General Data Protection Regulation (GDPR).
India’s data legislation, the Personal Data Protection Bill, will be tabled during the current winter session of parliament. If it passes, the government can fine companies up to ₹15 crore ($2 million) or 4% of their global annual turnover — whichever is higher — for major violations.

Minor violation will be subject to ₹5 crore or 2% of a company’s annual turnover, as per the bill’s draft.


But, in comparison to the General Data Protection Regulation (GDPR), India’s attempt to ensure compliance might not pack the punch required. The European Union (EU) imposes much tougher punishments for those who fail to comply with its regulations.

Higher fines give GDPR its teeth — and it’s not afraid to bite

EU can level fines of at least 10 million Euros (₹79 crore) or 2% of a company’s annual global turnover for minor infringements under GDPR. In the case of a major violation, a company can even be fined up to 20 million Euros (₹ 158 crore) or 4% of their global annual turnover.

“The heft of the fine requires companies to be more responsible,” said a report by Consumers International. The higher potential for fines is also what gives GDPR its teeth — and they have already proven that they’re not afraid to bite.

Within a year of its inception, over 200,000 GDPR cases were reported and a total of 55 million fines were issued, according to the European Data Protection Board (EDPB). Some of the big cases include the $5 million fine against Google and $125 million against Marriot International. Overall, penalities over 350 million Euros ($387 million) were doled out.

And, the recorded cases are only the tip of the iceberg.

The number of people with access to the internet is growing and so are the devices that come along with them. As a result, the amount of data that is being generated online has increased substantially over the last couple of years. And, that data is a valuable resource for businesses. Analysing ‘big data’ enables them to formulate their future strategies and target users.

See also:
Here is a list of major bills to be introduced in the Winter Session of Parliament

Here’s what global tech CEOs have to say about India's data protection laws

Groups of foreign companies are lobbying against India's Personal Data Protection Bill