Global Data Privacy and Cybersecurity Handbook

India

Select a Topic
Start Comparison
Penalties for Non-compliance
Jump to
Penalties for Non-compliance Start Comparison
What are the potential penalties / remedies for non-compliance with the key data privacy and cybersecurity laws in the jurisdiction?

Last review date: 22 December 2023

There are:

☒        administrative remedies / civil penalties applied by regulators and law enforcement

☐        criminal penalties from regulators and law enforcement

☒        private remedies

        other

Failure to comply with Privacy Rules is punishable with fines of up to INR 100,000 (approximately USD 1,203) and compensation to the affected person extending up to INR 100,000 in the case of an individual (approximately USD 1,203) and INR 1,000,000 (approximately USD 12,027) in the case of a company.

The DPDP Act imposes penalties for non-compliance ranging from INR 10,000 (approximately USD 120) to INR 250 Crores (approximately USD 30,066,632), depending on the nature of non-compliance.

In case an entity fails to comply with the directions of the CERT-In, the person responsible may be punishable with imprisonment for a term which may extend to one year or with a fine which may extend to INR 10,000,000 (approximately USD 120,273) or with both.

If data subjects have private remedies, what form can these remedies take?

Last review date: 22 December 2023

        individual personal actions

☐        representative actions (e.g., brought by a consumer / data privacy body or the supervisory authority)

☐        class actions

{{ $store.state.loadingScreen.message }} ...