Section 28 Indian Data Protection Act 2019
Maintenance of records
28. (1) The significant data fiduciary shall maintain accurate and up-to-date records of the following, in such form and manner as may be specified by regulations, namely:
(a) important operations in the data life-cycle including collection, transfers, and erasure of personal data to demonstrate compliance as required under section 10;
(b) periodic review of security safeguards under section 24;
(c) data protection impact assessments under section 27; and
(d) any other aspect of processing as may be specified by regulations.
(2) Notwithstanding anything contained in this Act, this section shall also apply to the State.
(3) Every social media intermediary which is notified as a significant data fiduciary under sub-section (4) of section 26 shall enable the users who register their service from India, or use their services in India, to voluntarily verify their accounts in such manner as may be prescribed.
(4) Any user who voluntarily verifies his account shall be provided with such demonstrable and visible mark of verification, which shall be visible to all users of the service, in such manner as may be prescribed.