• by Ray Schultz , January 9, 2020

Brands active in India will soon find themselves burdened with a GDPR-style law that, in effect, will create barriers to doing business there. 

Worse, the law will create criminal penalties, whereas GDPR provides only civil fines. 

The government of Narendra Modi has approved a second draft of the pending Personal Data Protection Act and it will be voted on by Parliament in February, according to The Daily Swig. 

It was not clear from this report whether the law demands opt-in for sending emails or allows opt-out.

One feature that upsets observers is the rule that sensitive data on Indian citizens must be stored on servers within India, although non-sensitive information can be kept outside. However, the Indian government will define the difference.

“Trade groups, including the US-India Business Council (USIBC) and US-India Strategic Partnership Forum, have balked at such barriers to operating in a country of 200 million internet users and an IT sector with an annual growth rate of 7.2%,” the Daily Swig writes.

The new Indian law establishes fines of 2% of a company’s annual global turnover for data breach violations, and 4% for repeat offenses.

However, going beyond GDPR, it also can lead to jail time for company directors, the report says.