Data Protection Authority of India, Part-3

Functions of Data Protection Authority

The function of the data protection authority shall also include –

  1. Monitoring and enforcing application of the provision of the act
  2. Taking prompt and appropriate actions as per the provisions of the act, in case of breach of personal data
  3. Maintaining a database on its website containing names of significant data fiduciaries along with ratings in the form of trust score. Specifying the qualification, code of conduct, practical training and functions to be performed by such data auditors 
  4. Examination of data audit reports
  5. Issuance of certificate of registration to data auditors and renewal, withdrawal, suspension or cancellation 
  6. Classification of data fiduciaries
  7.  Monitoring cross border transfer of personal data, technological developments, commercial practices
  8. Specifying code of practice
  9. Promoting awareness and understanding of the risk, rules, safeguards and right in respect of protection of personal data
  10. Promoting measures and undertaking research and innovation in the field of protection of personal data
  11. Advising Central Government, State Government and any other authority on measures required to be taken to promote protection of personal data.
  12. Specifying fees and other charges 
  13. Receiving and inquiring complaints
  14. Performing such other functions as prescribed

Code of Practice

The Authority is mandated to specify code of practice to promote good practices of data protection and facilitate compliance with the obligations under this act.

Power of Authority to issue directions

Under section 51 authority may discharge its function, issue such direction.  From time to time as it may be necessary. 

Power of Authority to Call for Information 

The Authority may require a data fiduciary or data processor to provide information as reasonably required in order to discharge the function such requisition to be made in writing by stating the reason.

 Power of Authority to Conduct information

The authority either suo moto or on a complaint may inquire or cause to be inquired into the matter in issue between the data fiduciary and data principal or anyone contravening with the provisions of the Act.

Action to be taken by authority 

After the successful inquiry the Authority may pass an order in writing against the party at fault, issuing a warning, issuing a reprimand, cease and desist order, temporary suspension or discontinuance of business or activity etc.

Search & Seizure

The inquiry officer shall conduct the search seizure in accordance with the provisions of Cr.P.C., 1973.

Picture credit-