India’s Personal Data Protection Bill (“PDP Bill”), 2018: Brief Introduction, Key Provisions and Comparison with GDPR

Harish Suryavanshi, Senior Corporate Counsel, Tech Mahindra Limited, India

In today's digital age, a primary point of concern for the individuals is breach of their privacy. India currently lacks any comprehensive data protection regime which can protect its citizens against such violations of their privacy in this digital age. India's current data protection regime is primarily governed by the Information Technology Act, 2000 (“IT Act”), and the Information Technology (Reasonable Security Practices and Sensitive Personal Data or Information) Rules, 2011 (“IT Rules”). The IT Act and the IT Rule did not prove to be sufficient and effective in dealing with the privacy and data protection violations in India. There was an urgent need to have a comprehensive data protection law in India and hence, the Personal Data Protection Bill, 2018 (“PDP Bill”) has been introduced in India and most likely will be turned into law after the Bhartiya Janata Party (BJP) led government is formed.

Read full paper Subscribe to the IICJ
Data Protection IT June 2019 Vol.12, No. 47, Spring 2019

Harish Suryavanshi


Harish Suryavanshi is a post graduate in English and passed his Bachelors in Law (LL. B) from University of Pune in India. He is having 15 years of professional work experience of handling commercial contracts, contractual disputes, and M&A activities across various regions. He is currently working as a Senior Corporate Counsel with Tech Mahindra Limited in Pune, India. He can be contacted at

Data Protection IT June 2019 Vol.12, No. 47, Spring 2019