Q6 - What happens if a Data Fiduciary fails to comply — does liability sit only with the company, or can directors and officers also be held responsible?

The primary liability rests with the organization as the Data Fiduciary. Penalties of up to ₹250 crore can be imposed by the Board depending on the nature and severity of the violation.

However, in cases of gross negligence, willful misconduct, or repeated violations, the directors, officers, or key managerial personnel responsible for decision-making can also come under scrutiny.

This is particularly true for Significant Data Fiduciaries, where the Data Protection Officer and senior management are expected to ensure compliance.

Example

If XYZ E-commerce Ltd. suffers a massive data breach because its management ignored repeated warnings about outdated security systems, the company will face heavy fines.

Additionally, the Board may hold the CTO or compliance officers accountable if it is proven they willfully neglected their duties.