Though said to be a replica of GDPR, the Indian Personal Data Protection Bill (PDPB) is actually quite different, writes Sandeep Sangwan of the International Association of Privacy Professionals, and this can cause issues for multinationals or Indian “data fiduciaries” who are also subject to GDPR.
Per Sangwan, the lack of the legal basis “necessary for the performance of a contract” under PDPB causes issues for companies that rely on this legal basis for their data processing under GDPR and may cause them to be in violation of one law or the other. It will also likely force them into using “consent” as an alternative legal basis which leads to complexities due to the difficulties inherent in consent as a legal basis.