white_paper_on_data_protection_in_india_171127_final_v2
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
The EU GDPR prescribes that <strong>data</strong> must be accurate and where necessary kept up to date.<br />
Further, organisati<strong>on</strong>s must take every reas<strong>on</strong>able step to ensure, <strong>in</strong> light of the purpose for<br />
which they are processed, <strong>in</strong>accurate <strong>data</strong> are erased or rectified. 547<br />
United K<strong>in</strong>gdom<br />
Under the UK DPA, pers<strong>on</strong>al <strong>data</strong> is required to be accurate and where necessary, kept upto<br />
date. 548<br />
Canada<br />
Under PIPEDA, the pr<strong>in</strong>ciple of accuracy requires that <strong>data</strong> be accurate, complete and up-todate<br />
as is necessary for the purposes for which it is used. 549 However, the pr<strong>in</strong>ciple specifies<br />
that an organisati<strong>on</strong> shall not rout<strong>in</strong>ely update pers<strong>on</strong>al <strong>in</strong>formati<strong>on</strong>, unless it is necessary for<br />
the purpose for which it was collected. 550<br />
Australia<br />
Under the Privacy Act, an organisati<strong>on</strong> is required to take steps which are reas<strong>on</strong>able <strong>in</strong> the<br />
circumstances to ensure that the pers<strong>on</strong>al <strong>data</strong> it collects is accurate, up-to date and complete.<br />
Such as obligati<strong>on</strong> also exists at the stage of use and disclosure. 551<br />
South Africa<br />
In South Africa an organisati<strong>on</strong> needs to take reas<strong>on</strong>ably practicable steps to ensure pers<strong>on</strong>al<br />
<strong>in</strong>formati<strong>on</strong> is complete, accurate, not mislead<strong>in</strong>g and updated where necessary. 552 While<br />
ensur<strong>in</strong>g accuracy of <strong>data</strong>, the organisati<strong>on</strong> must have regard for the purpose for which the<br />
<strong>data</strong> is to be processed. 553<br />
7.4 Provisi<strong>on</strong>al views<br />
1. Storage Limitati<strong>on</strong>: The pr<strong>in</strong>ciple of storage limitati<strong>on</strong> is reflected <strong>in</strong> most <strong>data</strong><br />
protecti<strong>on</strong> laws and may c<strong>on</strong>sequently also f<strong>in</strong>d place <strong>in</strong> a <strong>data</strong> protecti<strong>on</strong> law for India.<br />
Further, it may not be feasible to prescribe precise time limits for storage of <strong>data</strong> s<strong>in</strong>ce<br />
the purpose of process<strong>in</strong>g will determ<strong>in</strong>e the same. However, the use of terms<br />
―reas<strong>on</strong>ably necessary/necessary‖ may be employed and thereafter guidel<strong>in</strong>es issued by<br />
the regulator, <strong>in</strong>dustry practices, <strong>in</strong>terpretati<strong>on</strong> by courts can br<strong>in</strong>g clarity when it comes<br />
to implementati<strong>on</strong>.<br />
547 Article 5(1)(d), EU GDPR.<br />
548 Pr<strong>in</strong>ciple 4, Part 1, Schedule 1, UK DPA.<br />
549 Pr<strong>in</strong>ciple 6, Schedule 1, PIPEDA.<br />
550 Pr<strong>in</strong>ciple 6, Schedule 1, PIPEDA.<br />
551 APP 10, Schedule 1, Privacy Act.<br />
552 Secti<strong>on</strong> 16(1), POPI Act.<br />
553 Secti<strong>on</strong> 16(2), POPI Act.<br />
120