Cyber Security For Indian Businesses

Cyber Security For Indian Businesses laws are going to change soon to align with the rest of the world. Also, the Constitution of India already recognises a right to privacy.

Please note that as of 3rd August 2022 the Indian Personal Data Protection Bill (2019) has been withdrawn and is no longer being considered in Parliament.

Concerns surrounding Cyber Security For Indian Businesses

In addition to the public law implications, this right has influenced the development of a tortious right against the invasion of privacy. The interpretation of rights embodied in laws on consumer protection, health, IT, telecom licences, also the financial sector

Most companies, regardless of sector will be impacted by the IT Act and the SPDI Rules.

This Act mandates that Corporate Bodies. eg: Companies, Firms, Sole Traders and others engaged in commercial or professional activities. Especially those that handle sensitive personal data or information are liable to pay damages for any loss caused by their negligence in implementing and maintaining reasonable security practices and procedures.

Working with Cyber Security For Indian Businesses


Evaluate Risk

For a typical business promoting goods or services for sale. where no identifiable personal information is recorded then the risk is extremely low.


Indian Law

Companies negligent in setting and maintaining security practices and procedures for protecting personal data may be liable to pay compensation.


Internation Laws

Should your online business interacts with people or other companies based outside of India. you must abide by the data security rules of these other countries.


SPDI Rules

Sensitive personal data should only be collected for a lawful purpose connected with the company and must be necessary for this purpose.


Future Implications

The laws on how data is processed in India are still being decided. we are monitoring the developments and adhere to all laws as they are today.

Cyber Security For Indian Businesses

Don’t wait for the laws to change

Although the IT Act doesn’t yet define security practices / procedures for Cyber Security For Indian Businesses. SPDI Rules, framed under the Act, specify some standards of data protection for sensitive personal data.

Rules are not intended to be exhaustive but require companies to have a privacy policy. Obtain consent when collecting or transferring sensitive personal data or information, and to inform data subjects of recipients of such collected data.

The Act also prescribes criminal penalties that include both imprisonment of up to three years. Fines for persons that disclose personal information without the consent of who the data relates. Where such disclosure is in breach of a contract or results in wrongful loss or gain.

Translate »