The Data Protection Bill, 2021 presented by the Joint Parliamentary Committee (JPC) talks about Data Protection Officers (DPO) who will be appointed by data fiduciaries and will be responsible for adhering to the provisions of the Bill. The JPC has made it clear that a DPO can only be a person of “key managerial position” such as a Chief Executive Officer, Chief Financial Officer, and other similar roles. Here’s a detailed look at the various functions of Data Protection Officers employed by data fiduciaries. Definition of Data Protection Officer (Clause 3) Clause 3, where the definitions of the key terms in the Acts are provided, finds the inclusion of a Data Protection Officer. The Bill defined a Data Protection Officer as an officer who will be appointed by a significant data fiduciary under Section 30 of the Bill. Earlier draft: Clause 3 did not have the definition of Data Protection Officer. Reason for change: The Committee said that since the Data Protection Officer plays an important role in the implementation of the legislation, it was of the view that the definition of the role be added in Clause 3. Functions of Data Protection Officers (Clause 30) Clause 30 of the draft mandates that every significant data fiduciary shall appoint a data protection officer who will be responsible for carrying out these functions — Providing information and advice to the data fiduciary on matters related to the Act Assisting and cooperating with authority on matters of compliance of data fiduciary Monitoring personal data…
