TECH THAT TOUCHES A CERTAIN DEGREE OF CENTRALIZATION IS

ESSENTIAL IN IT INDIA URGENTLY NEED A DATA PROTECTION PLAN

TO REGULTATE 5G

Submitted by:
Harshit Raj Singh(2817)

Nandani(2823)

Priyanshu raj(2830)

Tejas (2855)

Sahil bariar(2835)

Utkarsh kumar(2856)

B.B.A., LL.B (Hons.)

Submitted to:
Dr. sweta vats

FACULTY OF MANAGEMENT

(Project Report)

Chanakya National Law University

Nyaya Nagar, Mithapur, Patna- 800 002

1|Page
 DECLARATION

We, hereby declare that, the project work entitled, ‘TECH THAT TOUCHES A CERTAIN
DEGREE OF CENTRALIZATION IS ESSENTIAL IN IT INDIA URGENTLY NEED A
DATA PROTECTION PLAN TO REGULTATE 5G’ submitted to CNLU, Patna is record of an
original work done by me under the guidance of, Faculty Member, CNLU, Patna.

Harshit Raj Singh(2817)

Nandani(2823)

Priyanshu raj(2830)

Tejas (2855)

Sahil bariar(2835)

Utkarsh kumar(2856)

B.B.A. LL.B. (Hons.)

1st Semester

2|Page
 ACKNOWLEDGEMENTS

First and foremost, I would like to thanks my Faculty of management , dr. Sweta vats, for giving
us opportunity to work on this project named – ‘TECH THAT TOUCHES A CERTAIN DEGREE
OF CENTRALIZATION IS ESSENTIAL IN IT INDIA URGENTLY NEED A DATA PROTECTION
PLAN TO REGULTATE 5G’. His guidance and support has been instrumental while making my
project on this topic.

I would like to all authors, writers Internet sources and columnists whose ideas and works have
been made use in my Project. My heartfelt gratitude also goes to all staff and administration of
CNLU for the infrastructure in the form of library that was a great source of help in completion
of this Project.

I also thank my group for their precious inputs which have been very useful in the completion of
this Project. I would also like to thank my parents, my seniors, dear colleagues, and friends in the
University, who have helped me with ideas about this work.

I hope you will appreciate my true work which is indeed a hard work and a result of my true
research and work.

Harshit Raj Singh(2817)

Nandani(2823)

Priyanshu raj(2830)

Tejas (2855)

Sahil bariar(2835)

Utkarsh kumar(2856)

B.B.A. LL.B. (Hons.)

1st Semester

3|Page
 RESEARCH OBJECTIVES
The objectives behind this research are to know:

 Study cyber security is global issue.

 Study Data sovereignty is national sovereignty .
 3.Study the Government initiatives to strengthen cybersecurity.
 Study the protection of digital infrastructure.

RESEARCH METHODOLOGY
The research work is totally doctrinal method. It includes primary as well as secondary sources

 Books
 Case law
 Journals
 Articles
 web sources

LIMITATIONS

Area of limitations – Every study has own limitation due to the limited time, lack of sufficient
financial sources and limited area of survey/study of the subject matter.

4|Page
 TABLE OF CONTENTS

Contents
1. INTRODUCTION...................................................................................................................................6
1.1 Existing data protection law in India..................................................................................................7
2. Information and technology act 2000...............................................................................................10
2.2Ground on which government can interfere with data....................................................................11
2.3.Tampering with Computer Source Documents as provided for under the IT Act, 2000..................13
3. need of data protection plan to regulate 5G in India............................................................................16
4 Basic of 5G data protection plan in European union.........................................................................18
5. SUGGESTION AND CONCLUSION.......................................................................................................21

5|Page
 1. INTRODUCTION

Centralization refers to the hierarchical level within an organisation that has authority to make
decisions. When decision making is kept at Information technology (IT) centralization is the
consolidation of an organization's technology resources. Centralization initiatives are often
initiated when it becomes apparent that allowing individual departments or branch offices to
provision their own IT systems and services is not helping the organization meet its goals and
objectives. When done correctly, IT centralization can not only simplify administrative tasks, it
can improve security, make data management easier and save the company money.
Bring your own device (BYOD) and IT consumerization are additional factors driving
enterprises to pursue IT centralization. Despite its advantages, however, IT centralization has its
downside because it can detract from an organization's ability to be agile and quickly respond to
changing business needs. It can also affect an organization's culture, perhaps unintentionally
creating a working environment that accepts bureaucracy and stifles innovation. The top level,
the organisation is centralisation; when it is delegated to lower organisational levels, it is
decentralized. India is taking various steps towards realizing its dream of becoming a truly digital
economy. The vision of the implementation of 5G soon is one of the ambitious and significant
aspects of this whole idea. The launch of 5G will be acting as a game-changer in the world of
information and technology.
It will not only be a golden opportunity to empower the national economy but will also help in
providing better facilities to the citizen. Issues such as what is 5G and what is so unique about it,
what will be the impact of 5G on the telecom sector, How it will going to impact the Indian
economy as a whole, what will be the legal hurdles before rolling out the 5G amongst others are
being raised regularly. However, before implementing the 5G, we should also consider the
challenges that India is facing currently with Data protection being one of it. Data will be of
great significance in this high-speed world of 5G, hence, it is important for us to have a strong
data protection law in order regulate the protection of data. There are ongoing cybercrimes,
hackings, trading and instances selling of personal data to the third party who has made a lot of
stakeholders to worry. Data protection is a burning question in India, and various phone
operators have cautioned the government about the security concern over the data protection
before implementing the 5G in India. The government has assured that they’ll be establishing
strong frameworks for deployment of Secure 5G services.
Data protection laws are much needed before the 5G technology but in the current form The
Personal data protection bill 2019, has multiple shortcomings which need to be addressed.
Hence, before the next G in the telecom sector comes, we all need strict data protection law.

6|Page
 1.1 Existing data protection law in India

Data Protection refers to the set of privacy laws, policies and procedures that aim to minimize
intrusion into one's privacy caused by the collection, storage and dissemination of personal data.
Personal data generally refers to the information or data which relate to a person who can be
identified from that information or data whether collected by any Government or any private
organization or an agency

The Constitution of India does not patently grant the fundamental right to privacy. However, the
courts have read the right to privacy into the other existing fundamental rights, ie, freedom of
speech and expression under Art 19(1)(a) and right to life and personal liberty under Art 21 of
the Constitution of India. However, these Fundamental Rights under the Constitution of India are
subject to reasonable restrictions given under Art 19(2) of the Constitution that may be imposed
by the State. Recently, in the landmark case of Justice K S Puttaswamy (Retd.) & Anr. vs. Union
of India and Ors., the constitution bench of the Hon'ble Supreme Court has held Right to Privacy
as a fundamental right, subject to certain reasonable restrictions.

India presently does not have any express legislation governing data protection or privacy.
However, the relevant laws in India dealing with data protection are the Information Technology
Act, 2000 and the (Indian) Contract Act, 1872. A codified law on the subject of data protection is
likely to be introduced in India in the near future.

The (Indian) Information Technology Act, 2000 deals with the issues relating to payment of
compensation (Civil) and punishment (Criminal) in case of wrongful disclosure and misuse of
personal data and violation of contractual terms in respect of personal data.

Under section 43A of the (Indian) Information Technology Act, 2000, a body corporate who is
possessing, dealing or handling any sensitive personal data or information, and is negligent in
implementing and maintaining reasonable security practices resulting in wrongful loss or
wrongful gain to any person, then such body corporate may be held liable to pay damages to the

7|Page
person so affected. It is important to note that there is no upper limit specified for the
compensation that can be claimed by the affected party in such circumstances.

The Government has notified the Information Technology (Reasonable Security Practices and
Procedures and Sensitive Personal Data or Information) Rules, 2011. The Rules only deals with
protection of "Sensitive personal data or information of a person", which includes such personal
information which consists of information relating to:-

1.Passwords

2. Financial information such as bank account or credit card or debit card or other payment
instrument details.

3. Physical, physiological and mental health condition;

4. Sexual orientation;

5. Medical records and history;

6. Biometric information.

The rules provide the reasonable security practices and procedures, which the body corporate or
any person who on behalf of body corporate collects, receives, possess, store, deals or handle
information is required to follow while dealing with "Personal sensitive data or information". In
case of any breach, the body corporate or any other person acting on behalf of body corporate,
the body corporate may be held liable to pay damages to the person so affected.

Under section 72A of the (Indian) Information Technology Act, 2000, disclosure of
information, knowingly and intentionally, without the consent of the person concerned and in
breach of the lawful contract has been also made punishable with imprisonment for a term
extending to three years and fine extending to Rs 5,00,000 (approx. US$ 8,000).

8|Page
 It is to be noted that s 69 of the Act, which is an exception to the general rule of
maintenance of privacy and secrecy of the information, provides that where the Government is
satisfied that it is necessary in the interest of:

1. The sovereignty or integrity of India,

2. Defence of India,

3. Security of the State,

4. Friendly relations with foreign States or

5. Public order or

6. For preventing incitement to the commission of any cognizable offence relating to above or

for investigation of any offence,

It may by order, direct any agency of the appropriate Government to intercept, monitor or
decrypt or cause to be intercepted or monitored or decrypted any information generated,
transmitted, received or stored in any computer resource. This section empowers the Government
to intercept, monitor or decrypt any information including information of personal nature in any
computer resource.

Where the information is such that it ought to be divulged in public interest, the Government
may require disclosure of such information. Information relating to anti-national activities which
are against national security, breaches of the law or statutory duty or fraud may come under this
category.

9|Page
 2. Information and technology act 2000

The Information Technology Act, 2000 also Known as an IT Act is an act proposed by the Indian
Parliament reported on 17th October 2000. This Information Technology Act is based on the
United Nations Model law on Electronic Commerce 1996 (UNCITRAL Model) which was
suggested by the General Assembly of United Nations by a resolution dated on 30th January,
1997. It is the most important law in India dealing with Cybercrime and E-Commerce.

The main objective of this act is to carry lawful and trustworthy electronic, digital and online
transactions and alleviate or reduce cybercrimes. The IT Act has 13 chapters and 90 sections.
The last four sections that starts from ‘section 91 – section 94’, deals with the revisions to the
Indian Penal Code 1860.

The IT Act, 2000 has two schedules:

 First Schedule – Deals with documents to which the Act shall not apply.
 Second Schedule – Deals with electronic signature or electronic authentication method.

The offences and the punishments in IT Act 2000 :

The offences and the punishments that falls under the IT Act, 2000 are as follows :-

 Tampering with the computer source documents.

 Directions of Controller to a subscriber to extend facilities to decrypt information.
 Publishing of information which is obscene in electronic form.
 Penalty for breach of confidentiality and privacy.
 Hacking for malicious purposes.
 Penalty for publishing Digital Signature Certificate false in certain particulars.
 Penalty for misrepresentation.
 Confiscation.
 Power to investigate offences.
 Protected System.
 Penalties for confiscation not to interfere with other punishments.
 Act to apply for offence or contravention committed outside India.
 Publication for fraud purposes.
 Power of Controller to give directions

sections and Punishments under Information Technology Act, 2000 are as follows :

10 | P a g e
SECTION PUNISHMENT

This section of IT Act, 2000 states that any act of destroying, altering or stealing
computer system/network or deleting data with malicious intentions without
authorization from owner of the computer is liable for the payment to be made to owner
Section 43 as compensation for damages.

This section of IT Act, 2000 states that any corporate body dealing with sensitive
Section information that fails to implement reasonable security practices causing loss of other
43A person will also liable as convict for compensation to the affected party.

Hacking of a Computer System with malicious intentions like fraud will be punished
Section 66 with 3 years imprisonment or the fine of Rs.5,00,000 or both.

Section 66 Fraud or dishonesty using or transmitting information or identity theft is punishable

B, C, D with 3 years imprisonment or Rs. 1,00,000 fine or both.

Section 66 This Section is for Violation of privacy by transmitting image or private area is
E punishable with 3 years imprisonment or 2,00,000 fine or both.

Section 66 This Section is on Cyber Terrorism affecting unity, integrity, security, sovereignty of
F India through digital medium is liable for life imprisonment.

This section states publishing obscene information or pornography or transmission of

obscene content in public is liable for imprisonment up to 5 years or fine of Rs.
Section 67 10,00,000 or both.

2.2Ground on which government can interfere with data

Under section 69 of the IT Act, any person, authorize by the Government or any of its officer
specially authorize by the Government, if satisfied that it is necessary or expedient so to do in the
interest of sovereignty or integrity of India, defence of India, security of the State, friendly
relations with foreign States or public order or for preventing incitement to the commission of
any cognizable offence relating to above or for investigation of any offence, for reasons to be
recorded in writing, by order, can direct any agency of the Government to intercept, monitor or

11 | P a g e
decrypt or cause to be intercepted or monitored or decrypted any information generated,
transmitted, received or stored in any computer resource. The scope of section 69 of the IT Act
includes both interception and monitoring along with decryption for the purpose of investigation
of cyber-crimes. The Government has also notified the Information Technology (Procedures and
Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009, under the
above section.

The Government has also notified the Information Technology (Procedures and Safeguards for
Blocking for Access of Information) Rules, 2009, under section 69A of the IT Act, which deals
with the blocking of websites. The Government has blocked the access of various websites.

Penalty for Damage to Computer, Computer Systems, etc. under the IT Act

Section 43 of the IT Act, imposes a penalty without prescribing any upper limit, doing any of the
following acts:

 Accesses or secures access to such computer, computer system or computer

network.

 Downloads, copies or extracts any data, computer data base or information from
such computer, computer system or computer network including information or data
held or stored in any removable storage medium.

 Introduces or causes to be introduced any computer contaminant or computer virus

into any computer, computer system or computer network.

 Damages or causes to be damaged any computer, computer system or computer

network, data, computer data base or any other program residing in such computer,
computer system or computer network.

12 | P a g e
  Disrupts or causes disruption of any computer, computer system or computer
network.

 Denies or causes the denial of access to any person authorize to access any
computer, computer system or computer network by any means; provides any
assistance to any person to facilitate access to a computer, computer system or
computer network in contravention of the provisions of this Act, rules or regulations
made thereunder.

 Charges the services availed of by a person to the account of another person by

tampering with or manipulating any computer, computer system, or computer
network, he shall be liable to pay damages by way of compensation to the person so
affected.

 Destroys, deletes or alters any information residing in a computer resource or

diminishes its value or utility or affects it injuriously by any means.

 Steel, conceals, destroys or alters or causes any person to steal, conceal, destroy or
alter any computer source code used for a computer resource with an intention to
cause damage.

2.3.Tampering with Computer Source Documents as provided for under the

IT Act, 2000

Section 65 of the IT Act lays down that whoever knowingly or intentionally conceals, destroys,
or alters any computer source code used for a computer, computer program, computer system

13 | P a g e
or computer network, when the computer source code is required to be kept or maintained by
law for the time being in force, shall be punishable with imprisonment up to three years, or
with fine which may extend up to Rs 2,00,000 (approx. US$3,000), or with both.

 Computer related offences

Section 66 provides that if any person, dishonestly or fraudulently does any act referred to in
section 43, he shall be punishable with imprisonment for a term which may extend to three years
or with fine which may extend to Rs 5,00,000 (approx. US$ 8,000)) or with both.

 Penalty for Breach of Confidentiality and Privacy

Section 72 of the IT Act provides for penalty for breach of confidentiality and privacy. The
Section provides that any person who, in pursuance of any of the powers conferred under the IT
Act Rules or Regulations made thereunder, has secured access to any electronic record, book,
register, correspondence, information, document or other material without the consent of the
person concerned, discloses such material to any other person, shall be punishable with
imprisonment for a term which may extend to two years, or with fine which may extend to Rs
1,00,000, (approx. US$ 3,000) or with both.

 Amendments as introduced by the IT Amendment Act, 2008

Section 10A was inserted in the IT Act which deals with the validity of contracts formed through
electronic means which lays down that contracts formed through electronic means "shall not be
deemed to be unenforceable solely on the ground that such electronic form or means was used
for that purpose".

The following important sections have been substituted and inserted by the IT
Amendment Act, 2008:

 Section 43A – Compensation for failure to protect data.

14 | P a g e
 Section 66 – Computer Related Offences
 Section 66A – Punishment for sending offensive messages through communication
service, etc. (This provision had been struck down by the Hon'ble Supreme Court as
unconstitutional on 24th March 2015 in Shreya Singhal vs. Union of India)
 Section 66B – Punishment for dishonestly receiving stolen computer resource or
communication device.
 Section 66C – Punishment for identity theft.
 Section 66D – Punishment for cheating by personation by using computer resource.
 Section 66E – Punishment for violation for privacy.
 Section 66F – Punishment for cyber terrorism.
 Section 67 – Punishment for publishing or transmitting obscene material in
electronic form.

 Section 67A – Punishment for publishing or transmitting of material containing

sexually explicit act, etc, in electronic form.

 Section 67B – Punishment for publishing or transmitting of material depicting

children in sexually explicit act, etc, in electronic form.
 Section 67C – Preservation and Retention of information by intermediaries.
 Section 69 – Powers to issue directions for interception or monitoring or decryption
of any information through any computer resource.
 Section 69A – Power to issue directions for blocking for public access of any
information through any computer resource.

 Section 69B – Power to authorize to monitor and collect traffic data or information
through any computer resource for cyber security.
 Section 72A – Punishment for disclosure of information in breach of lawful
contract.
 Section 79 – Exemption from liability of intermediary in certain cases.

15 | P a g e
  Section 84A –Modes or methods for encryption.
 Section 84B –Punishment for abetment of offences.
 Section 84C –Punishment for attempt to commit offences.

3. need of data protection plan to regulate 5G in India

India’s withdrawal of the contentious Personal Data Protection Bill 2019, after more than two
years of debate and consultation, has reignited the need for inclusive legislation. A non-partisan
law that democratizes the ecosystem for both government agencies and Big Tech companies on
data privacy of users. Post the rollback of the Bill; the Indian government has announced that it
will create a comprehensive legal framework for policing the digital universe. While the
government has set the ball rolling for redrawing the new Bill, its contours aren’t known yet.

The abandonment of the Data Protection Bill has important lessons. On why we can’t just import
ideas and copy provisions from foreign regulations like General Data Protection Regulation
(GDPR) framed by the EU. That’s because enforcement is a big challenge when your data
subjects are in a different geography. Indian regulation needn’t be GDPR lite. Instead, the
country is rooting for a holistic and inclusive law that safeguards sensitive citizen data without
hurting the emerging business landscape (Read the start-up ecosystem). Before we get our act
together on the new data privacy law, it’s crucial to study some provisions of the Personal Data
Protection Bill 2019 – the ones that were unpalatable and how they can be avoided.

One contentious clause was on ‘data localization’ that sought to check the export of data by
limiting it to the region where it originated. This meant that the Indian government could control
the flow of users’ data outside of Indian borders and question the Big Tech and social media
companies for special investigation purposes. For Big Tech players like Google and Meta, this
compliance could have jacked up their costs as they needed to invest more in ramping up local
data storage infrastructure. From a neutral standpoint, this provision also increased the
government’s surveillance powers without visible gains to the digital ecosystem.

16 | P a g e
Second, the government agencies enjoyed sweeping exemptions from some provisions of the Bill
that mandated data sharing. In the same vein, Big Tech didn’t get any such immunity. The Bill,
thus, was unequal in its scope and delivery.

Also, the Bill spanning over two years of debate and consultation had turned too complicated to
be passed, prodding the government to start afresh.

There is buzz that an all-new ‘Data Protection Bill’ will be tabled in the ensuing winter session
of the Parliament in December 2022. Separately, the Indian government is also mulling
overhauling the existing Information Technology (IT) Act of 2000 and possibly replacing it with
an all-encompassing Digital India Act.

The government’s intent for a comprehensive data privacy law augurs well for the immersive
digital economy and smooth data flow across borders between companies and customers. For
India to become a Global Data Leader, data exchange is paramount. And the seamless flow of
data is not feasible in the absence of a robust Data Protection legislation.

While the new law should not hurt the interests of the booming start-up ecosystem, it ought to
abundantly address the concerns of citizens whose private data is constantly under threat. The
existing IT Act of 2000 contains some provisions to regulate sensitive data. But no legislation
has been enacted to honour the Supreme Court judgement of 2017 that guaranteed Indians their
right to privacy.

Amid the proliferation of digital platforms, there is a crying need to protect citizens’ personal
data and make the process of data usage transparent. It is a known fact that India suffers one of
the highest data breaches each year, and many private and government sites suffer from data
losses. It is estimated that 18 of every 100 Indians have been affected by data breaches since
2004, with 962.7 million data points being exposed, primarily names and phone numbers. Online
data of almost 28 crore Indian citizens registered with the Employees’ Provident Fund
Organisation (EPFO) was leaked recently. It included sensitive information such as full name,
nominee details, Aadhaar details, and bank account details.

Data breaches can have serious repercussions. No government can afford to soft-pedal glaring
data leakages for long. Every citizen has the right to know how and when her data is used and for
what purposes. The new Data Protection law should articulate ownership, storage and processing
of personal data collected by public and private entities. Going one up, it can codify the
responsibilities and liabilities of these entities. More public participation in the consultation
process is needed to make the law more people-centric.

17 | P a g e
The upcoming legislation should also aim to safeguard kids’ data- the digital natives from the
burgeoning digital universe. Digital-first kids are overexposed to the online platforms that can
feed them with sleazy content. Their data can be captured and online behaviour profiled with
ease. Unless the proposed regulation spells explicit provisions to regulate data flow, children’s
private data can be mined for commercial gains.

India, home to the second largest base of internet users, lacks an independent data regulator. The
data subjects have limited rights. As an aspirational digital economy with big stakes on 5G
infrastructure, the nation needs to show better preparedness to navigate the mounting data
challenges. An inclusive data protection legislation empowering users and enthusing businesses
can catalyze the change.

4 Basic of 5G data protection plan in European union

There are five selected takeaways from the EU GDPR that we deem most relevant, at least for
5G vendors, 5G operators, or 5G standardization. Nevertheless, they are also generally relevant
to one or more stakeholders in a connected society.

1. Automate

Virtualized environments are becoming fundamental to 5G mobile networks, in which, for

example, virtualized network functions will be dynamically and automatically started, stopped,
scaled up, or scaled down. As such, it will become increasing impractical (if not impossible) to
manually ensure that the EU GDPR privacy and security obligations are enforced at all times.

Therefore, we see automation as a key to the EU GDPR compliance, mainly for 5G operators
and 5G vendors rather than 5G standardization. We stress that operators and vendors should
strive for a unified security and privacy management approach which would, in an automated
manner, ensure the best possible privacy in networks, monitor EU GDPR compliance gaps in a

18 | P a g e
near-real-time way, ensure that needed evidence is collected in the event of a privacy breach, and
perform necessary communications. Automated measures to fulfilling users' right, for example,
consent, data portability, restrictions and erasure, among other rights, must also be in place.

2. Be proactive

It is indeed encouraging to see that the 5G security standard (in progress 3GPP TS 33.501) has
had a strong focus on privacy from beginning. In general, data protection by design and by
default should be increasingly adopted by standardization. 

Different working groups in 3GPP should work in close coordination with the security working
group (SA WG3), for example, when designing identifiers and protocols, and specifying test
cases for privacy assurance in 5G. The same is true for vendors, for example, when
implementing 5G standards and developing proprietary solutions. Vendors must have, besides
data protection by design and default, privacy impact assessment built into their product
development lifecycle and should advise operators about the privacy impact of new technologies.
Additionally, the operators must analyze how the EU GDPR affects their business model and
take proactive steps in achieving compliance, for example, by appointing a competent data
protection officer.

3. Properly protect personal data

The EU GDPR obligations for protecting personal data are directly applicable to operators,
which are involved in handling personal data, in contrast to vendors, which are not. Nevertheless,
vendors have the responsibility to deliver appropriate technology, products, or solutions that
enable operators to comply with the EU GDPR.

Special care must be given to the functions, for example, OSS/BSS, which operate on personal
data. Operators and vendors must make sure that any form of data analytics on the personal data
has an appropriate consent from users. In general, protection measures for personal data must be
in place through hardening of nodes, encryption and integrity protection of stored personal data,
anonymization and pseudonymisation of personal data (when applicable), separation of data
according to purpose, authorized access, access logs and deleting of personal data when no
longer required, among other actions. Effort on research topics such as differential privacy and
transparency logging should also continue, as a key enabler of privacy by design.

19 | P a g e
4. Do not over-engineer

It is very important, especially for 5G standardization and 5G vendors, to take a broader

consideration of the system and threat landscape, both from a technical and business point of
view, when designing privacy solutions. The delivery timeline of standardization, cost of
implementation, and complexity of testing are vital considerations.

The EU GDPR itself encourages taking these considerations into account. In other words, over-
engineering must be avoided, meaning that technical solutions for privacy must be feasible,
practical, and appropriate to risks. To that end, guidelines produced from the newly formed
European Data Protection Board must be taken into consideration. To date, the Article 29
Working Party has produced guidelines on, for example, the right to data portability (WP 242),
data protection officers (WP 243), and data protection impact assessment (WP 248).

5. Take obligations seriously

With penalties that can reach as high as EUR 20 million or 4 percent of total worldwide annual
turnover, there is a huge financial risk for operators in case of potential non-compliance. There
are also real risks to reputation or brand image. Therefore, operators must take the EU GDPR
obligations very seriously, and vendors and standardization bodies must make sure that operators
are able to comply with the EU GDPR.

20 | P a g e
 5.SUGGESTION AND CONCLUSION

The problem calls for a three-pronged solution: social and economic development, multi-lateral
dialogue and military force.  More of the national expenditure needs to be focused on developing
these poorer regions through initiatives regarding health, education, social welfare and rural and
urban development. Government service delivery should be improved in these tribal areas. Both
state and government must ensure that things such as statutory minimum wages, access to land
and water sources initiatives are implemented.  In coming up with strategies for national
economic growth, the government must always bear in mind the possible effects of fast growth
for all socio-economic groups in a country as large and diverse as India. If the social needs of
these marginalized people are addressed, there will be no discontent to fuel the Naxalite’s
movements. Our military must be trained to fight such people and a special set of good officers

must be sent forward.

To conclude, the Naxalite problem reflects underlying issues in the Indian social, economic and
political institutions which threaten to expose India to even more danger from outside forces.
While the Naxalite movement is mainly an internal threat, with globalization, external and
internal security threats are inextricably linked. The complex and multi-faceted approach to
solving the Naxalite issue also reflects the fact that this is going to be the biggest menace to
India’s security also in the future.

21 | P a g e
 REFERENCES

 www.sociocosmo.com
 www.oxfordnotes.com
 https://www.jagranjosh.com
 https://www.hindustantimes.com
 http://www.mha.nic.in/pdfs/STTSPPR
 http://www.idsa.in/publications/stratcomments/NiharNayak300107.htm
 http://inpad.org/res104.html
 http://www.aitpn.org/Issues/II-09-06-Forest.pdf
 http://www.indiatogether.org/2007/nov/hrt-randrpol.htm
 http://www.mha.nic.in/pdfs/STTSPPR
 http://hrm.iimb.ernet.in/cpp/pdf
 http://www.jstor.org/stable/4381533
 http://www.rdiland.org/PDF/PDF_Reports/RDI_112.pdf
 http://www.jstor.org/stable/4397623
 http://www.arts.monash.edu/mai/asaa/gaurangsahay.pdf

22 | P a g e