Data Protection Officer

By Reina Legal

20th December, 2019

The PDPB, 2019 talks about appointing a Data Protection Officer (DPO) in certain cases.

Appointment of DPO

  • Every significant data fiduciary shall appoint a data protection officer
  • Such officer shall be based in India and shall represent data fiduciary
  • Shall possess such qualification and experience as may be specified by regulation

Functions of DPO

  • provide information and advice to the data fiduciary on matters relating to fulfilling its obligations under this Act
  • monitor personal data processing activities of the data fiduciary to ensure that such processing does not violate the provisions of this Act
  • provide advice to the data fiduciary on carrying out the data protection impact assessments and carry out its review
  • provide advice to the data fiduciary on the development of internal mechanisms
  • provide assistance to and co-operating with the Authority on matters of compliance of the data fiduciary with the provisions under this Act
  • act as the point of contact for the data principal for the purpose of grievances redressal
  • maintain an inventory of records to be maintained by the data fiduciary

Penalty

Where the significant data fiduciary contravenes to appoint a data protection officer shall be liable to a penalty which may extend to five crore rupees or two per cent of its total worldwide turnover of the preceding financial year, whichever is higher.