dpdpa.co.in

Rule 6

Reasonable security safeguards

  1. A Data Fiduciary shall protect personal data in its possession or under its control, including in respect of any processing undertaken by it or on its behalf by a Data Processor, by taking reasonable security safeguards to prevent personal data breach, which shall include, at the minimum,—
    a. appropriate data security measures, including securing of such personal data through its encryption, obfuscation or masking or the use of virtual tokens mapped to that personal data;
    b. appropriate measures to control access to the computer resources used by such Data Fiduciary or such a Data Processor;
    c. visibility on the accessing of such personal data, through appropriate logs, monitoring and review, for enabling detection of unauthorised access, its investigation and remediation to prevent recurrence; 
    d. reasonable measures for continued processing in the event of confidentiality, integrity or availability of such personal data being compromised as a result of destruction or loss of access to personal data or otherwise, including by way of data backups;
    e. for enabling the detection of unauthorised access, its investigation, remediation to prevent recurrence and continued processing in the event of such a compromise, retain such logs and personal data for a period of one year, unless compliance with any law for the time being in force requires otherwise;
    f. appropriate provision in the contract entered into between such Data Fiduciary and such a Data Processor for taking reasonable security safeguards; and
    g. appropriate technical and organisational measures to ensure effective observance of security safeguards.
  2. In this rule, the expression “computer resource” shall have the same meaning as is assigned to it in the Information Technology Act, 2000 (21 of 2000).