Spice Route Legal
Presently, the general data protection laws in India comprise of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or information) Rules, 2011 (“SPDI Rules”) issued under the Information Technology Act, 2000. The SPDI Rules do not impose any specific restrictions on cross border transfers of personal data. However, personal data may only be transferred based on the consent of the individual or for the performance of a contract with the individual. Additionally, the recipient of any personal data must ensure at least the same level of data protection as provided for under the SPDI Rules and by the transferor.
