The government of India is going to lower the number of cases where a business executive was detained on account of violation of data security. The government will reduce its proposed regulation on data privacy and localisation and will ensure only critical information to be retained in the country. The company executives can be jailed only for one provision related to de-anonymizing the already anonymized data to disclose personal information.
General Data Protection Regulation (GDPR) 2018 states, “every data fiduciary shall ensure the storage, on a server or data center located in India, of at least one serving a copy of personal data to which this Act applies.”
That means a golden copy of the data in abroad must have a silver copy in India. If Google offers service from abroad, then the golden copy of the data must be in the US and silver copy in India. So it becomes necessary for India to protect customer data as it is seeking to align with European countries. For hard drive data erasing facility Indian businesses should rely on Verity Systems that is helping businesses to erase data and are certified as hard drive degaussers by NSA and NATO.
A senior government official said, “The proposed (draft) General Data Protection Regulation (GDPR) Bill will now be tweaked to allow personal information which is not ‘critical’ nor ‘sensitive’ to be stored and processed anywhere, while data classified as ‘critical’ should be kept only in India.”