Skip to content

GAVS – Global IT Consulting

Menu
  • Platforms & Products
    • Platforms & Products

      GAVS’ products will help change how you organize your IT Operations, bring meaningful and actionable insights to speed up network fixes, provide real data as quantifiable justification to adopt strategies that foster business improvements.

      • ZIF
      • Products
        • zDesk – Remote, Secure Desktop-as-a-Service (VDI+)
        • zIrrus
        • GTOps
        • TruOps
        • Close
    • Products & Platforms
      • Reimagining your Digital Infrastructure with Zero Incident FrameworkTM

        Read more
    Close
  • Services & Technologies
    • Services & Technologies

      GAVS is a global IT services provider with focus on AI-led Managed Services and Digital Transformation. GAVS’ AIOps platform, Zero Incident Framework ™ (ZIF), enables proactive detection and remediation of incidents and increases uptime, helping organizations drive towards a Zero Incident Enterprise™ . GAVS has transformed IT Enterprise delivery through ZIF’s Discover, Monitor, Analyze, Predict, and Remediate modules, to optimize business services continuity.

      • Digital Services
        • Auto Discovery and Dependency Mapping
        • Cloud Enablement
          • Cloud Advisory and Transformation
          • Close
        • Automation
        • Blockchain
        • Close
      • Cyber Security Services
        • Assessment & Advisory
        • Identity & Access Management (IAM)
        • Managed Detection & Response (MDR)
        • Managed Security Services (MSS)
        • Security Automation
        • Risk & Compliance
        • Close
      • Data Privacy Services
      • Consulting & Implementation Services
        • Cloud Advisory and Transformation
        • Data Center Assessment
        • Data Center-as-a-Service (DCaaS)
        • Infrastructure re-engineering
        • Data Center Consolidation & Migration
        • Close
      • Application Services
      • Enterprise Support Services
        • Managed Infrastructure Support
        • Remote Infrastructure Monitoring
        • End User Monitoring
        • Close
      • Microsoft Services
    • Services &Technologies
      • Reinforcement Learning- The Art of Teaching Machines

        Read more
    Close
  • Industries
    • Industries

      GAVS Technologies focuses on serving various industry verticals in their digital transformation through infrastructure solutions, adopting innovation and technologies in different domains. We offer services and solutions aligned with technology trends to enable enterprises to take advantage of futuristic technologies like DevOps, Smart Machines, Cloud, IoT, Predictive Analytics, Managed Infrastructure Services, and Security services.

      • Industries Overview
      • Healthcare
      • Banking & Financial Services
      • Manufacturing
      • Media & Publishing
    Close
  • Inside GAVS
    • Inside GAVS

      GAVS is a global IT services provider with focus on AI-led Managed Services and Digital Transformation. GAVS’ AIOps platform, Zero Incident Framework™ (ZIF), enables proactive detection and remediation of incidents and increases uptime, helping organizations drive towards a Zero Incident Enterprise™ . GAVS has transformed IT Enterprise delivery through ZIF’s Discover, Monitor, Analyze, Predict, and Remediate modules, to optimize business services continuity.

      • About Us
      • Client Speak
      • Alliances & Partnerships
      • Leadership Team
      • Social Responsibility
      • Events
      • Locations
      • Contact Us
      • Press Releases
      • Media Mentions
      • Awards and Recognitions
      • In Memoriam
      • Covid Care
    Close
  • Insights
    • Insights

      We bring you discerning insights on technology trends, innovation and organization culture, thru our collection of articles, blogs and more. Insights reflects our passion in driving advancements as we move forward creating new paradigms in business and work culture. You would find our thoughts on a variety of topics ranging from evolving technologies and ways it affects businesses and lives, transformational leadership, high impact teams, diversity, inclusion and much more.

      • Blogs
      • Articles
      • White Papers
      • Brochures
      • Videos
      • Case Studies
      • enGAge Magazine
    • insights
      • Seven Tips for Leading IT Modernization and Digital Transformation

        Read more

    Close
  • Work With Us
    • Work with us

      What it means to be a GAVSian?

      If you rate high on our SWAT test (Smart, Hardworking, Articulate, Technologically curious), GAVS’ hiring profile, we promise you excitement, inspiration and the freedom to succeed in our flat organization. Being a GAVSian, you would represent our cutting edge in technological advancement while we help you hone yourself into the person you aspire to be. That’s the level of personal interest we invest in you.

      • Career with GAVS
      • Company Culture
      • Diversity @ GAVS
      • Building a respectful workplace
    Close
Back to blogs

Personal Data Protection in India

Oct 04, 2021
  • big data and predictive analytics in healthcare
  • Data Protection in Healthcare
  • digital transformation in healthcare it consulting
  • healthcare database software development
  • master data management software tools
SHARE

In this blog post

  • Personal Data Protection in India
  • Understanding health data
  • Personal Data Protection Bill, 2019 (PDPB)
  • PDP bill vs. existing data protection regimes

Personal Data Protection in India

The healthcare sector is in the middle of massive digital reform to overcome inefficiencies, improve utilization of resources, and enhance the delivery of quality service to patients. The rapid adoption of technology comes with its challenges – one of them being the huge volumes of data that get generated every single day – data that needs to be protected on priority. The availability of vast amounts of sensitive patient information is what has made the healthcare industry a primary target of cyberattacks and data breaches. In 2020, India reported a 37% increase in cyberattacks on healthcare organizations in November and December. With increasing healthcare digitalization, cyberattacks of various kinds like ransomware attacks, DDoS attacks, phishing emails, have also increased in number and complexity.

Understanding health data

According to National Digital Health Mission (NDHM), health data is classified into two broad segments:

  • Personal health data – data related to an individual. This contains detailed information of various health conditions and treatments, personally identifiable information of multiple stakeholders, including healthcare professionals.
  • Non-personal health data – includes aggregate health data and anonymized health data where all personally identifiable information has been removed.

The Ministry of Health and Family Welfare issued draft legislation, namely the Digital Information Security in Healthcare Act (DISH Act), to regulate all digital health data generation, collection, storage, access, transmission, and use.

Personal Data Protection Bill, 2019 (PDPB)

Notably, India does not have any national regulatory authority focusing on the protection of personal data. To remedy the situation, the government of India and a Joint Parliamentary Committee proposed the draft PDP Bill on December 12, 2019, that addresses the issue of data protection. This bill will be India’s first law on personal data protection and will repeal Section 43A of the IT Act.

The bill defines ‘health data’ under section 3(21) as the ‘data related to the state of physical or mental health of the data principal and includes records regarding the past, present or future state of the health of such data principal, data collected in the course of registration for, or provision of health services, data associating the data principal to the provision of specific health services’.

The proposed PDP Bill applies extraterritorially to non-Indian organizations if specific nexus requirements are met and suggests the formation of a Data Protection Authority of India that will be in charge of preventing misuse of personal data, protecting the interests of data principals, and ensuring compliance with the new law.

The PDP Bill takes inspiration from GDPR to establish a comprehensive data protection regime in India. The current draft of the PDP Bill

  • Introduces a central data protection regulator
  • Broadens the rights given to individuals
  • Specifies compliance requirements for all personal data
  • Institutes data localization requirements for certain types of sensitive data

PDP bill vs. existing data protection regimes

With a tighter grip around localization, the PDPB goes a step beyond the rules mandated by GDPR and the United States’ Clarifying Lawful Oversees Use of Data (CLOUD) Act. Although there is no timeline for the implementation, PDP will be rolled out in a phased manner.

  • Localization of data – The PDP Bill is more restrictive and mandates the localization of sensitive personal data and critical personal data. The bill also imposes restrictions on the cross-border transfer of critical and sensitive personal data.
  • Extra-territoriality principle – The bill applies the extra-territoriality principle to the processing of any personal data by organizations outside India. The principle applies if personal data is processed concerning any business or activity that involves offering goods or services to consumers in India or profiling data principles within India.
  • Local presence required – The draft policies regulate organizations that are not established in India but offer goods or services to consumers in India to have a company incorporated in India and appoint an Indian resident as a nodal person of contact to ensure compliance with applicable laws. This move is to ensure regulatory and enforcement control over foreign entities who trade in India.

In today’s highly regulated data environment, healthcare companies in India must embrace and build an effective compliance strategy. They need to obtain better visibility of their data before considering focusing on data protection regulation compliance. By adopting a layered approach to data security focusing on people, processes, and a technology-centric approach, organizations across industries in the country can embrace the new PDP Bill. The bill should be viewed as a competitive advantage. While the regulation focuses on data protection and security, healthcare organizations can implement these methods to effectively manage health data.

  • Deploying encryption to store data
  • Mandating the use of strong passwords
  • Data sharing with only relevant people to avoid misuse
  • Periodic review of firewall settings
  • Securing all devices that have access to the personal data of an individual
  • Due diligence before sharing information with third-party vendors

GAVS offers data privacy services and solutions designed to protect the organization’s information through the full data lifecycle, from acquisition to disposal. Our service offerings help organizations adhere to data privacy best practices and regulatory compliance in a constantly evolving threat environment and regulatory landscape. You can find more information on GAVS’ offerings at Cyber Security Services & Data Privacy Services.



Imposter Syndrome at Workplace
You Deserve This! – Dealing with Imposter Syndrome at Workplace
Read More
Sustaining Competitive Advantage
Sustaining Competitive Advantage
Read More
Citizen Developers
Citizen Developers
Read More
GAVS – Global IT Consulting

Copyright © 2022, GAVS Technologies.

  • Privacy Policy
  • Cookie Policy
  • Terms of use
  • Contact Us
  • Platforms & Products
    • Platforms & Products
    • Products
      • Zero Incident Framework ™
      • Products
      • zDesk – Remote, Secure Desktop-as-a-Service (VDI+)
      • GTOps
      • TruOps
      • zIrrus
  • Services & Technologies
    • Services & Technologies
    • Digital Services
      • Digital Services
      • Auto Discovery and Dependency Mapping
      • Cloud Enablement
        • Cloud Advisory and Transformation
      • Automation
      • Blockchain
    • Data Privacy Services
    • Cyber Security Services
      • Cyber Security Services
      • Risk and Compliance
      • Security Automation
      • Managed Security Services (MSS)
      • Managed Detection and Response (MDR)
      • Identity and Access Management
      • Assessment and Advisory
    • Consulting & Implementation Services
      • Consulting & Implementation Services
      • Cloud Assessment & Advisory
      • Data Center Assessment
      • Data Center-as-a-Service (DCaaS)
      • Infrastructure re-engineering
      • Data Center Consolidation & Migration
    • Application Services
    • Enterprise Support Services
      • Enterprise Support Services
      • Managed Infrastructure Support
      • Remote Infrastructure Monitoring
      • End User Monitoring
    • Microsoft Services
  • Industries
    • Industries Overview
    • Healthcare
    • Banking & Financial Services
    • Manufacturing
    • Media & Publishing
  • Inside GAVS
    • Inside GAVS
    • About Us
    • Industries
    • Client Speak
    • Alliances & Partnerships
    • Leadership Team
    • Social Responsibility
    • Events
    • Find us
    • Reaching us
    • Press Releases
    • Media Mentions
    • Awards and recognitions
    • In Memoriam
    • Covid Care
  • Insights
    • Insights
    • Articles
    • Blogs
    • White Papers
    • Case Studies
    • Brochures
    • Videos
    • enGAge Magazine
  • Work with us
    • Work with us
    • Career with GAVS
    • Company Culture
    • Diversity @ GAVS
    • Building a respectful workplace

Schedule a Demo