What Is a Significant Data Fiduciary?

In this short article, we're going to talk about the significant data fiduciary. To understand that, we will first have to discuss what a data fiduciary is. 

These terms first got introduced in a tentative data privacy and protection bill of 2019 called PDP. The purpose of that bill was to achieve maximum compliance according to the European Union's GDPR. 

This might be quite confusing for you if you're new to this, so let's discuss all the terms one by one.

What Is the EU’s GDPR?

The GDPR (General Data Protection Regulation) is a guideline in European Union laws on data insurance, protection, and security in the European Union and the European Economic Area. It additionally addresses the exchange of individual information outside the EU and EEA territories. You might think that it's a regional law, but to have worldwide acceptance, you need to perform GDPR data mapping and know the seven Principles of GDPR. Apart from the European Union, Japan also has some data privacy laws and regulations set up. 

What Is India’s PDP Bill?

To step up the game, India also introduced its data privacy and protection laws and came up with a personal data protection (PDP) bill in 2019. 

Highlights of the PDP Bill

It’s not like there was no talk about data privacy and protection in India. Still, this bill was the first one with a comprehensive collection of regulations and guidelines for people's data protection. We can say that it is the improved version of the former data protection bills.

• The bill defines different kinds of personal data, their sensitivity level, and how critical they are.
• The bill's policy and guidelines guide companies and government on different ways of dealing with personal data of people.
• The bill clearly states that any data related to the minorities, religion, caste, or gender talk cannot get accessed by individuals, companies, organizations, or anyone for that matter because it can get used in the wrong way.
• According to PDP, the government will have access to WhatsApp, Facebook, and all the other social media platforms’ data and they can ask for it from the companies anytime.

What Is a Data Fiduciary? 

Now that we have created a basic understanding of the personal data protection bill, it is time to talk about the data fiduciary. The concept is essential to learn to get an understanding of the significant data fiduciary. According to the PDP law, a data fiduciary can be an individual, state, organization, or entity that chooses how their data should be stored, processed, and handled. In contrast to the Ministry advisory group, others allude to this as the data regulator and collector.

What Is a Significant Data Fiduciary?

As the name suggests, a significant data fiduciary is an information fiduciary, but they fall under a “significant” category according to the data privacy and cybersecurity authorities depending on the type of personal data and its risks and how sensitive it is. Another important detail is that data fiduciaries that fall under the significant category have to fulfil all the special accountability requirements.

What Are the Audit Requirements for Significant Data Fiduciaries?

Anyone who falls under the significant data fiduciary list must provide an annual audit report of their data activities, including its processing, storage, and use. For that, they need to ask an independent auditor to audit. The audit and data score is not only for a significant data fiduciary, but it is also for every insignificant data fiduciary whose data can cause harm in the future.