By Reina Legal
10th January, 2019
Indian IT firms and BPO being a hub for outsourced services worldwide play a pivotal role in data processing.
Under the PDPB, 2019 Data Processor means any person/ State/ company/ juristic entity/ individual, who processes personal data on behalf of a data fiduciary (who determines the purpose and means of processing of personal data).
Obligations of Data Processor
Every data processor shall
- enter into contract with data fiduciary to process personal data
- assess the risks associated with data processing, and the likelihood and severity of the harm that may result
- implement necessary security safeguards
- undertake a review of its security safeguards periodically as per regulations and take appropriate measures accordingly
- shall not engage, appoint, use, or involve another data processor in the processing on its behalf, except with the authorisation of the data fiduciary and unless permitted in the contract
- only process personal data in accordance with the instructions of the data fiduciary and treat it confidential