Data Protection Regulations and Compliance Requirements - Analysis of Regulations from EU, Singapore and India

1. Introduction:

In our world today which is run by technology and information protecting personal data becomes a priority for the people. Therefore protecting personal data becomes crucial and the government makes laws and regulations regarding it. Further, we will look at different regulations and laws in the European Union, Singapore, and India. As technology evolves and data flows across countries it becomes very important for businesses and individuals to be aware of it. The European Union uses Data Protection Regulation (GDPR), while Singapore has its own through its Personal Data Protection Act (PDPA), while India is still making developments, First, they had a PDBP bill in 2019 then later Digital Personal Data Protection (DPDP) Act, 2023.

We will look the different regulations and see their complexities and similarities and how these laws protect sensitive information.

2. European Union (EU) Data Protection Regulations:

The General Data Protection Regulation (GDPR), implemented on May 25, 2018, it was a very important regulation that came into place as it protected sensitive data. This protected the data of EU citizens as well as protected data of EU residents.[1]

There some key principles of GDPR such as lawfulness, equity, and openness; purpose restriction; data reduction; precision; storage restriction; integrity and secrecy (security); and responsibility. Actually, the only one of these ideas that is new to data protection regulations is responsibility. Data minimisation is something that is not new but important Organisations shouldn't collect more personal information than they need from their users. The goal of the principle is to make sure that companies don't gather too much personal data about their clients. For example, it is highly improbable that an online store would need individuals to provide their political ideas in order for them to be added to the retailer's email mailing list and informed when sales are occurring. Further, there needs to be Integrity and confidentiality (security). Basically, there needs to be security and protection so information is not hacked or leaked.[2]

3. Singapore Data Protection Regulations:

The Personal Data Protection Act (PDPA) in Singapore serves as the cornerstone of the nation's data protection framework. First passed on October 15, 2012, the Personal Data Protection (Amendment) Act 2020 (together, the "Act") quickly amended it to match the GDPR's speed. According to PDPA any information that may be used, directly or indirectly, to identify an individual is considered "personal data." Name, address, date of birth, credit card number, and email address are examples of this, but they are not the only ones. This needs to be protected. Further the scope of PDPA is vast. Its legal scope is that encompasses people, groups of people, and organisations (whether incorporated or not) that are either based in Singapore or outside. Additionally, it defines and establishes "data intermediaries," which are the PDPA's version of the GDPR's data processors.[3]

Further, it is a mandatory for to follow PDPA. Businesses must advise clients of the reasons for requesting their personal information and get their consent before using it. Persuading people to consent to the acquisition, use, or disclosure of personal information beyond what is necessary to deliver a good or service is prohibited by organizations. Further Businesses that violate the PDPA's rules or whose clients do not get alerts may face penalties. A breach of the PDPA's tenets may result in a fine of up to US$1 million or, in the case of an incarceration sentence, a period not to exceed two years.[4]

4. Indian Data Protection Regulations:

India first introduced the Personal Data Protection Bill, 2019 to protect personal and sensitive information of people. To protect the fundamental rights of people and a trust could be formed between the individual and organizations who have their data. However, this bill was not satisfactory. Therefore Now as the time has passed in early August 2023, the Indian Parliament passed the Digital Personal Data Protection (DPDP) Act, 2023. India now has a data privacy law for the first time thanks to the 2023 act. Prior to processing personal data, consent must be obtained, and the legislation explicitly lists a limited number of exceptions. Along with the right to nominate, it gives customers the ability to see, update, modify, and remove their data. It adds further security measures to the way children's data is processed. It imposes duties on organizations to provide notice of data collection and processing, limit its use, and ensure security measures. Businesses are required by law to establish grievance redress processes. In addition, the DPB will manage grievances and complaints and has the authority to impose penalties for breaking the law.[5]

5. Comparative Analysis of EU, Singapore, and Indian Regulations:

EU, Singapore, and India each of them have their own laws and regulations to protect their citizens' data. However, each of them has many similarities and differences among them. Firstly the GDPR requires the consent of the person whose data is being taken. This is similar to PDPA and GDPR where there needs explicit and informed consent.

In the all the three laws the individual can look at their information and if they wish change it or erase it. Further, the DPDPA does not apply to non-digital personal data unless it is later converted to digital form. It only covers digital personal data. The Personal Data Protection Act of Singapore may have served as an inspiration for the DPDPA, which establishes a broad exemption for personal data disclosed by an individual or by law. The act does not limit processing carried out for journalistic reasons, in contrast to the EU General Data Protection Regulation.[6]

6. Conclusion:

Therefore, In our era where technology is constantly evolving and data can travel across borders, it becomes important for the government to protect the personal data of their citizens. Examining different laws and regulations from the European Union (EU), Singapore, and India we saw their objectives and complexities in protecting the sensitive information of their people. It also becomes crucial for businesses and organisations to follow these regulations as it be beneficial for them to build trust with individuals.

7. Citations:

1. local goverment assocation, General Data Protection Regulation (GDPR), available at https://www.local.gov.uk/our-support/research-and-data/data-and-transparency/general-data-protection-regulation-gdpr# ( last visited 23-12-2023)

2. What is GDPR? The summary guide to GDPR compliance in the UK by Matt Burgess, available at https://www.wired.co.uk/article/what-is-gdpr-uk-eu-legislation-compliance-summary-fines-2018# ( last visited 23-12-2023)

3. Didomi, Singapore Personal Data Protection Act (PDPA): all you need to know, available at https://blog.didomi.io/en/singapore-data-protection-pdpa-all-you-need-to-know# (last visited 24-12-2023)

4. Lawpilots,What is the data privacy law PDPA in Singapore?, available at https://lawpilots.com/en/blog/data-protection/pdpa-southeast-asia/# (last visited 24-12-2023)

5. Understanding Indias New Data Protection Law by Anirudh Burman, available at https://carnegieindia.org/2023/10/03/understanding-india-s-new-data-protection-law-pub-90624 (last visited 24-12-2023)

6. Iapp, Top 6 operational impacts of Indias DPDPA Comparative analysis with the EU General Data Protection Regulation and other major data privacy laws, available at https://iapp.org/resources/article/top-6-operational-impacts-of-indias-dpdpa-part6/ ( last visited 25-12-2023)