Comparison Between GDPR And PDPB

Debasish Pramanik Cloud Security Expert - CloudCodes Software
  • July 4th, 2021

GDPR Vs PDPB – Comparison

The Personal Data Protection Bill was introduced in the Indian Parliament on 11th December 2019. The European General Data Protection Regulation (GDPR) has nearly become a common thing for the Personal Data Protection Bill, not only for the stringent arrangements that it contains yet additionally for the extensiveness of the issues that it addresses. At its core, the Bill continues to require that Personal Data be processed relatively and reasonably while ensuring data privacy, for purposes that are consented to by the Data Principal, or purposes incidental or connected to that. GDPR and PDPB are two overarching data regulations that mirror each other in some ways but also present some notable divergences.

The Application of the Personal Data Protection Bill

The PDPB applies to process individual information that has been gathered, revealed, common or in any case handled inside the region of India, Indian organizations, Indian residents, and some other people or bodies consolidated or on the other hand made under Indian law. 

The PDP’s extent of use is possibly more extensive than that of the GDPR, as a substance may fall inside the scope only by preparing individual information in India (e.g., indeed, even using a processor in India). However, this expansive extent of the application might be limited should the administration practice its position to absolve such handling exercises.

Difference Between GDPR And PDPB

  1. Indian law does not require the information guardian to share the names and classifications of different beneficiaries of the individual information with the information head. 
  2. There is no commitment to the information trustee to impart to the information head to what extent the information will be put away while gathering or whenever, as GDPR commands. 
  3. The information trustee doesn’t have to share the information if it is not gathered from him/her, which is a specific necessity in GDPR. 
  4. Unlike GDPR, there is no necessity that the information guardian share with the information heads the presence of mechanized dynamics, including profiling. 
  5. GDPR necessitates that the information subject (information head) is given a duplicate of information experiencing handling. The Indian enactment orders a rundown of that information to be shared, with no meaning of what that synopsis is.


As specialists in Data Protection, the DPO Center gives exhortation and direction to associations to assist them by providing Data Protection Officers with help. GDPR EU Representation Services are required under Article 27 for associations outside the EU, as well as Data Protection Impact Assessments, Consultancy, and Training.

Further, the Bill has extended the extent of exceptions for the administration, and given that the legislature may guide information trustees to furnish it with any non-individual or anonymized information for better focusing of administrations.