Skip to main content

Q4 - What happens if a company shuts down — does it have to delete all personal data first?

Answer
  • Yes. If a company ceases operations, it must ensure that personal data is either deleted or anonymized unless retention is legally required.
  • This prevents abandoned databases from becoming easy targets for hackers.
Example
  • If ABC Crypto Exchange shuts down, it must erase user KYC data (passport, Aadhaar, PAN) unless regulators (like SEBI or FIU) require retention for a set period.
  • If it fails and that data leaks, penalties may still apply, even after shutdown, against directors or responsible officers.