49 Powers and functions of Authority

Bare Act

Section 49(1)

It shall be the duty of the Authority to protect the interests of data principals, prevent any misuse of personal data, ensure compliance with the provisions of this Act, and promote awareness about data protection.

Section 49(2)

Without prejudice to the generality of the foregoing and other functions under this Act, the functions of the Authority shall include—

  • (a) monitoring and enforcing application of the provisions of this Act;
  • (b) taking prompt and appropriate action in response to personal data breach in accordance with the provisions of this Act;
  • (c) maintaining a database on its website containing names of significant data fiduciaries along with a rating in the form of a data trust score indicating compliance with the obligations of this Act by such fiduciaries;
  • (d) examination of any data audit reports and taking any action pursuant thereto;
  • (e) issuance of a certificate of registration to data auditors and renewal, withdrawal, suspension or cancellation thereof and maintaining a database of registered data auditors and specifying the qualifications, code of conduct, practical training and functions to be performed by such data auditors;
  • (f) classification of data fiduciaries;
  • (g) monitoring cross-border transfer of personal data;
  • (h) specifying codes of practice;
  • (i) promoting awareness and understanding of the risks, rules, safeguards and rights in respect of protection of personal data amongst data fiduciaries and data principals;
  • (j) monitoring technological developments and commercial practices that may affect protection of personal data;
  • (k) promoting measures and undertaking research for innovation in the field of protection of personal data;
  • (l) advising Central Government, State Government and any other authority on measures required to be taken to promote protection of personal data and ensuring consistency of application and enforcement of this Act;
  • (m) specifying fees and other charges for carrying out the purposes of this Act;
  • (n) receiving and inquiring complaints under this Act; and
  • (o) performing such other functions as may be prescribed.

Section 49(3)

Where, pursuant to the provisions of this Act, the Authority processes any personal data, it shall be construed as the data fiduciary or the data processor in relation to such personal data as applicable, and where the Authority comes into possession of any information that is treated as confidential by the data fiduciary or data processor, it shall not disclose such information unless required under any law to do so, or where it is required to carry out its function under this section.

The contents of the website is provided "as is", without warranty of any kind, express or Implied, including but not limited to the warranties of merchantability, Fitness for a particular purpose and noninfringement. In no event shall the Authors or copyright holders or sponsorers be liable for any claim, damages or other Liability, whether in an action of contract, tort or otherwise, arising from, Out of or in connection with the website or the use or other dealings in the website.