However, its categorisation of data as personal data (PD), sensitive personal data (SPD), and critical personal data (CPD) are inconsistent with this expectation.

In turn, an unclear categorisation of data exposes users to privacy risks by impeding the determination of security controls appropriate for data protection.

The implications of this categorisation, especially on startups, need to be carefully considered as a joint committee of parliamentarians reviews the bill.

A Broad Definition For Sensitive Personal DataA subset of personal data SPD consists of financial data, health data, biometric data, genetic data, data indicating religious/political beliefs/sexual orientation or caste/tribe status.

Also, given that the PDP Bill permits the transfer of data to ‘permissible’ countries, bilateral and multilateral data transfer frameworks should be encouraged. | To read full story, visit https://startuparound.com/read/1584100805.1677132/Classification-Of-Data-Under-The-PDP-Bill:-Implications-For-Startups?ref=audio_experience