Mediation : Online Dispute Resolution Mediation : ODR new Call to vidhikarya care phone number+917604047601
Request Consultation
Free Legal Advice
Request Consultation Free Legal Advice
The Impact of the 2024 Data Protection Act on Corporate Liability: A Legal Analysis
Cyber, Internet, Information Technology
Posted On : March 11, 2025

The Impact of the 2024 Data Protection Act on Corporate Liability: A Legal Analysis

Written By : Vidhikarya

Listen to this article   

Table of Contents

One critical aspect of modernity is the era of the internet, and the streams of information created and shared. One cannot take data protection lightly, especially when addressing technological advancement and the growing use of online services. The introduction of the Data Protection Act 2024 India is a landmark change because it seeks to implement an overarching legal structure towards improving data privacy and security in India. 

This act does not have significance only in law compliance, but it also changes the entire scope of corporate responsibility and data breaches. Understanding its implications is critical for businesses in Kolkata because the technology sector is booming and is accompanied by the high chance of data breaches. With the collection and processing of such great quantities of personal data by organisations, there is this need to tether themselves to this new law to avoid penalties and reputational damage. 

Comprehending the Data Protection Act 2024 India 

The Act is considered as the foremost legislation in the country aimed at protecting sensitive personal data of individual citizens in India. It has been passed after much debated discussions and is focused on balancing the rights and lawful data processing activities. The act does provide explicit provisions on the manner in which businesses ought to manage personal data and files of the people to amplify the autonomy that people have over their information. 

Important provisions entail getting consent, data accuracy, and security measures to be put in place. Organisations are now required to prepare impact assessments prior to processing of sensitive data and designate Data Protection Officers (DPOs) to ensure compliance. 

This act replaces previous boundaries like the Information Technology Act of 2000 which provided limited privacy protections. The new Act imposes severe responsibilities on those who work with data and specifies a number of rights for the subjects themselves. It also requires that there must be maximum openness concerning data processing operations and that companies must explain to the people how their information will be utilised. 

Scope and Applicability 

The Act has a wide reach. It is applicable to all entities that process digital personal data in India, or that offer goods and services to Indian residents from abroad. Because of this broad scope, companies in different industries including finance, healthcare, e-commerce, and telecommunications are bound to adhere to its provisions. 

An equally important concern is the impact of this legislation on the ecosystem of tech-startups in and around Kolkata. Organisations that collect or process personal data of citizens should ensure compliance in order to avoid legal complications. This does not only include larger entities, but small businesses as well that might deal with customer data. 

Corporate Liability Under Data Privacy Laws 

Definition and Importance 

Corporate liability for data privacy is understood to mean the responsibility of the organisation for any consequences that arise due to inadequate infrastructure put in place to secure personal data. The Data Protection Act 2024 has expanded the power of the Data Protection Authority of India, where businesses stand substantial fines in case of failure to comply with these regulations. 

The consequences are certainly worse than a fine. Non-compliance not only gets the companies into serious financial trouble, but also puts their reputation at stake and trust issues with customers. Companies that do not take accountability today may come under fire from highly aware consumers and aggressive regulatory environments. 

Key Provisions Impacting Corporate Liability 

A few sections of the Data Protection Act grant liability directly to corporations: 

Consent Requirements: Organisations are required to seek permission from a person before processing their data. That is, businesses can no longer assume consent based on implied agreements. Rather, they must, on their own, ask for permission from users. 

Obligations On Data Security: Corporations are tasked with implementing tight security protocols to ensure personal information is not in any way accessed, breached, or leaked. This means having encryption technologies, performing security audits, and ensuring compliance from third-party vendors too. 

Reporting A Breach: Organisations must report to the concerned persons within a set time, say 72 hours, if a breach was identified. Also incidents must be notified to The Data Protection Board as well. Not adhering to this can result in massive penalties and tight controls from regulators. 

Failing to take appropriate steps while complying with the regulation and rules can accumulate penalties of approximately Rs 250 crores. The risk of dealing with so much sums is a good reason to put in place a culture of compliance. 

Case Studies: Recent Cases Involving Data Breaches 

In 2024, India witnessed a notable increase in data breaches that highlighted the implications of inadequate data protection measures. Below are two significant cases that occurred in Kolkata and surrounding regions. 

Case 1: Hathway Database Breach (January 2024) 

  • Overview: Hathway Cable & Datacom Ltd faced a severe data breach when a hacker exploited system vulnerabilities, exposing personal information of approximately 41 million customers. The breach included sensitive details such as names, addresses, phone numbers, and Aadhaar information. 
  • Legal Implications: This incident raised serious concerns regarding compliance with the Data Protection Act 2024 India. Given that sensitive personal information was involved, Hathway could face substantial penalties for failing to protect customer data adequately under the new act. 
  • Outcomes: Following the breach, Hathway initiated an investigation and collaborated with cybersecurity experts to enhance its security measures. The incident underscored the urgent need for data breach law in India, hence  companies to prioritise cybersecurity compliance to mitigate corporate liability under data privacy laws. Additionally, affected customers were advised to monitor their accounts closely for any signs of identity theft or fraud. 

Case 2: Angel One Data Leak (July 2024) 

  • Overview: Angel One reported a significant data leak affecting around 7.9 million customers, with leaked information including bank account numbers, transaction histories, and personal identification details. 
  • Legal Implications: The leak highlighted vulnerabilities within the financial services sector and raised questions about compliance with privacy laws for businesses in India. The Personal Data Protection Bill 2024 emphasises the need for organisations to implement robust data protection measures to avoid legal repercussions. 
  • Outcomes: Following increased scrutiny from regulatory authorities, Angel One enhanced its cybersecurity protocols and advised customers to monitor their accounts closely for signs of identity theft or fraud. The incident served as a wake-up call for many financial institutions regarding their responsibility to protect customer information. 

What We Can Learn From Local Case Studies 

These specific cases depict a company's failure with respect to data protection regulations. For instance, companies operating in Kolkata have suffered because of not complying with the legal regulations. Consequences such as reputational damage and severe financial penalties are not uncommon. With average costs associated with data breaches rising to Rs 19.5 crore by 2024, there is an increased need to comply with legal regulations regarding cybersecurity. 

Having access to cybersecurity data breaches incidents enables businesses to determine their responsibilities under the Data Protection Act 2024 and implement measures to protect personal data in a much more efficient manner. 

Privacy Regulations for Organisations in India 

Overview of Related Laws and Acts 

The Data Protection Act intersects with several existing laws: 

Information Technology Act, 2000: It provides a basic framework for e-commerce transactions and cybersecurity, but it does not include specific provisions for the protection of personal data. 

Bhartiya Nyaya Sanhita (BNS): It contains provisions that may deal with structures for cybercrime in relation to personal data protection negligence. For example, acts such as identity fraud and unlawful entry are offenses that can be prosecuted against those who are deemed custodians and responsible within the organisation. 

For businesses, understanding these laws that overlap is important to ensure that proper legal compliance is followed. 

Cybersecurity Compliance in India 

Robust cybersecurity measures are vital for a business for legal and liability reasons. An organisation has to spend on security systems, perform audits, and continuously improve their cybersecurity compliance efforts in place. 

A proactive approach includes: 

  1. Conducting regular risk assessments to identify vulnerabilities. 
  2. Training employees on best practices for handling sensitive information. 
  3. Establishing clear protocols for reporting incidents or breaches immediately. 

Navigating Corporate Liability: Best Practices 

Steps for Businesses to Ensure Compliance 

To navigate corporate liability effectively, businesses should: 

  1. Develop Comprehensive Data Protection Policies: Establish clear policies outlining how personal data will be collected, processed, stored, and shared. 
  2. Conduct Regular Employee Training on Data Privacy: Ensure all employees understand their roles in protecting customer information and are aware of potential risks associated with mishandling data. 
  3. Implement Strong Access Controls and Encryption Methods: Limit access to sensitive information only to those who need it for their job functions while employing encryption technologies to protect stored data. 

Functions of Cyber Crime Lawyers 

As a business legal advisor, a client can seek assistance from a cybercrime lawyer to gain perspective on how to mitigate compliance and liability risks with the Data Protection Act of year 2024. Legal audits conducted by cybercrime lawyers can also assist an organisation in meeting legal expectations regarding breach reporting. 

Cybercrime lawyers can help organisations by: 

  • Examining policies and processes for compliance with current legislation. 
  • Advising on appropriate handling of sensitive data information. 
  • Acting on behalf of a company in matters relating to investigations or prosecution of data violations. 

From the above examples, it can be seen that seeking a free lawyer consultation online can be beneficial for organisations trying to seek solutions for such concerns. 

Final Thoughts 

The Data Protection Act 2024 India significantly impacts corporate liability by establishing clear obligations for businesses regarding personal data protection. Companies need to comply with the personal data protection requirement to not face possible sanctions and severe reputational consequences in this modern digital era. 

Particularly in light of the ever-increasing legal globalisation, it is especially true for all other businesses with a presence in India – particularly in technology centres such as Kolkata. Understanding such legal systems will always be requisite for doing cross border trade within the region. 

It is important for businesses to monitor changes in data protection law and consider consulting legal counsel to obtain a thorough understanding of their responsibilities under this new legislation. Compliance with privacy laws today will not only shield companies from liabilities that they may incur in the future but also help create a true relationship with the customers, which is very critical in today’s competitive environment. 

Recommended Free Legal Advices

  • Cheating Substandard quality of vehicle service delay and life threatening - 3 Response(s)

    Dear Client, In your case, seeking redressal through the Consumer Court is a valid approach, given the multiple issues, including delayed service, inadequate communication, unjustified charges, safety concerns, and mental distress due to the vehicle’s recurring problems. Below are steps and legal advice for filing a complaint in the consumer court, including fees, compensation eligibility, and additional suggestions. 1. Grounds for Consumer Complaint Based on the issues you have described, you can file a consumer complaint under the following grounds: Deficiency of Service: The delayed return, failure to provide adequate information, unjustified charges, and failure to perform repairs to a satisfactory standard. Unfair Trade Practices: Refusal to release the vehicle due to issues with insurance, failure to provide a correct bill, and the poor quality of repairs despite charging a large amount. Mental Harassment and Safety Risk: The distress caused by the recurring breakdowns, particularly the wiper issue that put your family’s safety at risk. 2. How to File a Consumer Complaint Draft a Complaint: You need to draft a formal complaint describing all the issues you have faced, including: Vehicle repair delay and inconvenience caused. Lack of communication and transparency from the service center. Unjustified fuel charges and incorrect billing. Substandard service and the risk posed by inadequate repairs (wiring issues, mudguard, platform mat, etc.). Mental distress caused by the breakdowns and the poor service quality. Prepare Supporting Documents: Attach copies of all relevant documents, including: Service center receipts and bills. Photos of the car's condition (if available). Communication records with the service center (messages, emails, call logs). Insurance claim documents. Any warranty papers, vehicle purchase documents, and other relevant records. Submit the Complaint: You can submit the complaint online via the National Consumer Helpline (NCH) or approach the District Consumer Dispute Redressal Commission. 3. Filing Fees The fees for filing a complaint in the District Consumer Dispute Redressal Commission are based on the value of the claim. Since the cost of the car and service is approximately ₹10,66,000, The filing fees for this category are typically Rs.400-2000 4. Compensation You Can Seek Compensation can be claimed for the following aspects: Refund of Repair Costs: Since the repair services were inadequate, you can claim a refund of ₹1,09,000 paid for the service. Compensation for Mental Harassment: For the inconvenience, stress, and risk posed to your family, you can seek compensation for mental distress. In such cases, consumer courts have awarded ₹1,00,000 - ₹5,00,000 depending on the severity of the harassment. Loss of Use and Inconvenience: Given the delay in returning the vehicle and the subsequent breakdowns, you can claim compensation for the inconvenience caused, often around ₹1,00,000 - ₹2,00,000. Legal Costs: You can also request reimbursement for the legal costs of pursuing the case. Considering all the aspects of your case, you could seek compensation of ₹5,00,000 to ₹7,00,000 for the distress, inadequate service, and safety risks faced by your family. 5. Legal Steps to Take Send a Legal Notice: Before filing a formal complaint, it’s advisable to send a legal notice to the service center, detailing the issues and demanding compensation for the deficient service, within a stipulated time (15-30 days). This can sometimes prompt the service center to resolve the matter without going to court. File a Formal Complaint: If the service center does not respond or refuses to take responsibility, you can proceed with filing the complaint in the District Consumer Dispute Redressal Forum. Engage a Lawyer: Though not mandatory, hiring a lawyer experienced in consumer cases can help in drafting the complaint, gathering evidence, and representing you in court. 6. Additional Points Claim Safety Issues: Highlight the safety concerns caused by the wiring issues and incomplete repairs. Consumer courts take vehicle safety matters seriously, especially if they involve risk to life. Continuous Service Deficiency: The repeated breakdowns (battery, wiper issues) after paying a significant amount for repairs can strengthen your case for a higher compensation amount. Goodwill of Manufacturer: If the service center is authorized by the car manufacturer, mention the manufacturer’s liability for ensuring adequate service through their authorized dealers. You have a strong case for claiming compensation due to deficient service, unjustified charges, and mental harassment caused by the service center. You could seek compensation of approximately ₹5,00,000 - ₹7,00,000 in addition to a refund of the ₹1,09,000 service cost. Regards

  • Substandard service quality unjustified charges cheating purposeful delay - 1 Response(s)

    Dear Client, From your prolonged contents of query, it appears that you become the victim of deficient service from different service providers on multiple occasions. To resolve the issue of deficiency in service legally you have to knock the door of the Consumer Forum. So, in the given scenario, serving a strong legal notice to all the service providers, you can file a complaint against them over alleged deficiency in service and unfair trade practices before the Dist. Consumer Commission under Sec.35 of the Consumer Protection Act, 2019 claiming the money you lost for deficient service along with compensation for harassment and mental agony and cost of litigation. The complaint should be filed within two years from the date of the cause of action.

  • unauthorized deduction from provident account - 2 Response(s)

    Dear Client, In the given situation, despite your repeated approach, when your employer fails to take any appropriate action to resolve the admitted deficiency/default on their part and keeps the matter in abeyance, you can bring the matter to the notice of the Regional P F Commissioner who is the competent authority to resolve any anomaly/discrepancy arising out of EPF account of a registered member by filing a complaint using UAN to the EPF i-Grievance Management System (www. https://epfigms.gov.in/). If the grievance is not resolved, you can approach the Employees’ Provident Funds Appellate Tribunal (EPFAT) which was constituted under the provisions of the Section 7 D of the EPF and M P Act 1952, Now, as per the Finance Act 2017, the Employees' Provident Fund Appellate Tribunal has been merged with Central Government Industrial Tribunal w.e.f. 26.05.2017. So, if no relief yields from the office of the Regional PF Commissioner, you may approach the Central Government Industrial Tribunal for appropriate relief. Hope it may resolve your grievance. Feel free to contact our legal team to navigate the issue in the right way.

  • Service agreement regarding query - 4 Response(s)

    Look Poonam these are fraud companies and they do not do anything except trap you and then take money from you. You need not worry nothing will happen to you. Just ignore there calls and mails. If you want you can speak to me.

  • Online financial fraud Rs 800000 - 1 Response(s)

    Dear Client, Until and unless an amount is put on hold or traced out post investigation of the reported cyber scam, based on the possibility or presumption, you can not claim your lost amount as a matter of right especially if it is lost for a lack of awareness of the complainant who done high-value transaction without verifying the source or identity of a person. However, you can represent your grievance or claim before the regulatory authority RBI, and higher authorities of Cyber Cell to resolve your grievance. You can apply under the RTI Act to the SPIO/CPIO of the concerned public authorities seeking the desired information. If required, hire an Advocate to navigate the issues in the right way.

Our Expert Lawyers in Cyber, Internet, Information Technology Corporate and Incorporation

Abhimanyu

Abhimanyu Shandilya

From Kolkata

Shrikrushna

Shrikrushna Tambde

From Nagpur

Meenakshi

Meenakshi Periyahkaruppan

From Chennai

Jaswant

Jaswant Singh Katariya

From Gurgaon

Recommended blog article

Understanding Child Pornography Laws in India: Everything You Need to Know
Posted On : February 12, 2025

Understanding Child Pornography Laws in India: Everything You Need to Know

Child pornography exists as a serious online criminal act which victimizes defenseless children and generates worldwide abuse networks. Digital content sharing has grown rapidly thus making the proble...

How International Law Firms in India Can Help Your Business
Posted On : October 29, 2024

How International Law Firms in India Can Help Your Business

With the expansion of the global economy, businesses often face and address very complex legal issues, especially when they operate in more than one jurisdiction. Therefore, international law firms pl...

Submit your legal query

Categories

©2025 Vidhikarya. All Rights Reserved.

Disclaimer

The Bar Council of India does not permit advertisement or solicitation by advocates in any form or manner. By accessing this website (www.vidhikarya.com), you acknowledge and confirm that you are seeking information relating to VIDHIKARYA LEGAL SERVICES LLP (The LAW FIRM) of your own accord and that there has been no form of solicitation, advertisement or inducement by VIDHIKARYA LEGAL SERVICES LLP or its members.
The content of this website is for informational purposes only and should not be interpreted as soliciting or advertisement. The User agrees that he/she is visiting the site on his own volition to seek more information about the firm and its Advocates.
The contents of this website are the intellectual property of VIDHIKARYA LEGAL SERVICES LLP.

OK Cancel
Vidhikarya Official support e-mail Contact Vidhikarya by phone Number vidhikarya whatsapp Number