Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Unlike the European Union which adopted the Data Protection Directive in 1995 and has
most recently passed the General Data Protection Regulation that is scheduled to become
enforceable with effect from May 25, 2018, India does not currently have a separate data
protection law and when the Information Technology Act, 2000 (hereinafter referred to as the
"IT Act") first came into force on October 17, 2000 it lacked provisions for protection and the
procedure to be followed to ensure the safety and security of sensitive personal information
of an individual.
This led to the introduction of the Information Technology Bill, 2006 in the Indian Parliament
which later led to the Information Technology (Amendment) Act, 2008 whose provisions
came into force on October 27, 2009. The Information Technology (Amendment) Act, 2008
inserted Section 43A in the IT Act and the Central Government, in exercise of the powers
conferred by clause (ob) of sub-section (2) of Section 87 read with Section 43A of the IT Act,
2000 notified the Information Technology (Reasonable security practices and procedures
and sensitive personal data or information) Rules, 2011 (hereinafter referred to as the "2011
Rules").