DPDP §8
Obligations of the Data Fiduciary
Paraphrased legal text
A Data Fiduciary shall ensure the accuracy and completeness of personal data, implement appropriate technical and organisational measures, implement reasonable security safeguards to prevent breach, intimate the Board and affected Principals of breaches, and erase data when retention is no longer necessary.
What this means in plain English
- Accuracy — keep data correct and complete.
- Reasonable security safeguards — encryption, access controls, audit logs.
- Breach notification — to the Board AND to affected Principals.
- Erase data when the purpose is exhausted or consent is withdrawn.
- These obligations extend to your Data Processors via contract.
Penalty if you get this wrong
Up to ₹250 crore for failure to safeguard, and ₹200 crore for failure to notify the Board of a breach.
How ProtectComply solves it
Breach Management + Assessment + TPRM
- Breach lifecycle with 72h detection and 24h Board-notification clocks
- Assessment engine tests every §8 sub-clause across L1 / L2 / L3
- TPRM module enforces §8 obligations down to processors
- Retention rules linked to RoPA entries — auto-flag expired data