July 17, 2024

DPDP Act

Digital Personal Data Protection (DPDP) Act: Key Highlights

The Digital Personal Data Protection (DPDP) Act 2023 represents a significant advancement in India’s approach to data privacy and protection. With the rapid digitalisation of various sectors, there has been an exponential increase in the collection, processing, and storage of personal data. This surge has brought about critical concerns regarding data breaches, misuse of personal information, and the necessity for stringent data protection measures.

The need for such legislation became evident with high-profile data breaches and incidents of personal data misuse, which eroded public trust in digital services. The Justice Srikrishna Committee, established in 2018, played a pivotal role in highlighting these issues and recommending a comprehensive data protection framework. Their recommendations underscored the importance of protecting personal data while fostering innovation and economic growth.

Objectives Of The DPDP Act

The DPDP Act is designed to achieve several key objectives:

  • Safeguarding Personal Data: The Act aims to protect the privacy of individuals by setting clear guidelines for the collection, processing, and storage of personal data. This includes ensuring that personal data is handled with the highest standards of security to prevent unauthorised access and breaches.
  • Establish Lawful Processing Framework: It provides a legal framework for the lawful processing of personal data, outlining the conditions under which data can be collected and processed. This includes obtaining explicit consent from data principals and ensuring that data is processed transparently and fairly.
  • Empower Data Principals: One of the central tenets of the Act is to empower individuals with rights concerning their data. These rights include the ability to access, correct, and delete their data, as well as to object to and restrict processing.
  • Ensure Accountability: The Act imposes stringent obligations on data fiduciaries to ensure accountability in handling personal data. This includes implementing robust data protection measures, conducting data protection impact assessments, and appointing data protection officers.
  • Facilitate Cross-Border Data Transfers: Recognising the global nature of data flows, the Act sets out conditions for cross-border data transfers. It aims to ensure that personal data transferred outside India receives adequate protection.

Some Key Terms & Definitions In The DPDP Act

Understanding the DPDP Act requires familiarity with several key terms that define the roles and responsibilities within the data protection framework:

  • Data Principal: The individual whose personal data is being collected and processed. This term is crucial as it underscores the individual’s ownership and control over their data.
  • Data Fiduciary: An entity or individual who determines the purpose and means of processing personal data. Data fiduciaries bear the primary responsibility for ensuring that data processing activities comply with the Act.
  • Data Processor: Any entity that processes personal data on behalf of a data fiduciary. Data processors must adhere to the data protection standards set by the data fiduciary and the Act.
  • Personal Data: Any data that relates to an identified or identifiable individual. This broad definition encompasses a wide range of information, from names and contact details to online identifiers and biometric data.
  • Processing: Refers to any operation performed on personal data, whether automated or manual. This includes collecting, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing, disseminating, aligning, combining, restricting, erasing, or destroying personal data.
TermDefinition
Data PrincipalIndividual to whom the personal data belongs
Data FiduciaryEntity determining the purpose and means of processing personal data
Data ProcessorEntity processing data on behalf of the data fiduciary
Personal DataData relating to an identifiable individual
ProcessingAny operation performed on personal data, including collection, use, etc.

Scope And Applicability Of The DPDP Act

Territorial Jurisdiction

The DPDP Act has a wide-reaching territorial scope. It applies to:

  • Processing of Personal Data within India: Any personal data collected, stored, or processed within the Indian territory falls under the purview of the Act. This includes data processed by entities incorporated in India and those offering goods or services within India.
  • Processing of Personal Data Outside India: The Act also extends its jurisdiction to entities located outside India if they process personal data in connection with any business carried out within India, offer goods or services to individuals in India, or profile data principals within India. This extraterritorial application ensures that foreign entities handling Indian data are subject to the same stringent protections.

Applicability To Data Fiduciaries And Data Processors

The DPDP Act differentiates between two primary categories of entities involved in data processing:

  • Data Fiduciaries: These are entities or individuals that determine the purpose and means of processing personal data. They hold the principal responsibility for ensuring compliance with the Act. This includes companies, government bodies, and NGOs that collect and decide how to use personal data.
  • Data Processors: Entities that process data on behalf of data fiduciaries are considered data processors. While their role is more limited, they must still adhere to the standards and instructions provided by data fiduciaries and ensure data protection measures are in place.

Exemptions And Special Cases In The DPDP Act

While the DPDP Act aims to cover a broad spectrum of data processing activities, it provides certain exemptions to balance operational efficiency with privacy concerns:

  • National Security and Defence: Data processing for national security and defence purposes is exempt from the provisions of the Act. This ensures that national security operations are not hindered by privacy regulations.
  • Public Interest and Research: Processing of personal data for research, statistical analysis, or archiving in the public interest may be exempt from certain requirements, provided adequate safeguards are implemented.
  • Personal and Household Activities: Data processed for personal or household activities, such as maintaining personal contacts or social media usage, is exempt from the Act’s requirements.

Principles Of Data Protection In The DPDP Act

  1. Purpose Limitation

    The DPDP Act mandates that personal data should be collected only for specific, clear, and lawful purposes. Data fiduciaries must ensure that the data collected is not used for purposes beyond what is initially stated unless the data principal consents to such additional uses.

  2. Data Minimisation

    Data minimisation is a core principle, requiring that only the data necessary for the intended purpose should be collected and processed. This minimises the risk of data breaches and reduces the burden on data fiduciaries to protect unnecessary data.

  3. Accuracy and Quality of Data

    Data fiduciaries are obligated to ensure that the personal data they collect is accurate, complete, and up-to-date. This includes verifying data at the point of collection and taking steps to rectify any inaccuracies promptly.

  4. Storage Limitation

    The Act imposes strict guidelines on how long personal data can be retained. Data fiduciaries must retain data only for as long as necessary to fulfil the purposes for which it was collected. Once the data is no longer needed, it should be securely deleted.

Rights Of Data Principals In The DPDP Act

  1. Right to Information

    The DPDP Act empowers data principals with the right to be informed about the collection and use of their data. Data fiduciaries must provide clear and transparent information regarding the nature of the data collected, the purposes of processing, and the duration for which the data will be retained. This information should be easily accessible and understandable to ensure that data principals can make informed decisions.
    Example: If an e-commerce company collects data for order processing, it must inform customers about how their data will be used, the duration of data retention, and any third parties with whom the data will be shared.

  2. Right to Correction and Erasure

    Data principals have the right to request the correction of inaccurate or outdated personal data. Data fiduciaries are required to take reasonable steps to ensure that such data is corrected promptly. Additionally, data principals can request the erasure of their data if it is no longer necessary for the purposes for which it was collected if they withdraw their consent, or if the data has been unlawfully processed.
    Example: A user of a social media platform can request to correct their profile information or delete their account and associated data if they decide to stop using the service.

  3. Right to Data Portability

    The DPDP Act introduces the right to data portability, allowing data principals to receive their data in a structured, commonly used, and machine-readable format. This right enables individuals to transfer their data from one data fiduciary to another without hindrance, facilitating greater control and flexibility over their personal information.
    Example: A person using a fitness app can request their health data in a portable format if they decide to switch to a different app or service provider.

  4. Right To Object And Restrict Processing

    Data principals have the right to object to the processing of their data in certain circumstances, such as for direct marketing purposes. They can also request the restriction of data processing if the accuracy of the data is contested, the processing is unlawful, or if they require the data for the establishment, exercise, or defence of legal claims.
    Example: An individual can object to their data being used for targeted advertisements or restrict processing if they believe their data is incorrect.

Duties Of Data Fiduciaries

Lawful And Fair Processing

Data fiduciaries are obligated to process personal data lawfully and fairly. This includes obtaining valid consent from data principals or ensuring that the processing is necessary for the performance of a contract, compliance with a legal obligation, or the protection of vital interests. The processing must be transparent and conducted in a manner that respects the rights and freedoms of data principals.

Example: A healthcare provider must obtain explicit consent from patients before collecting their medical records and ensure the data is used solely for providing healthcare services.

Transparency And Accountability

Transparency is a cornerstone of the DPDP Act. Data fiduciaries must provide clear and accessible information about their data processing activities, including the purposes, legal basis, and recipients of the personal data. Accountability mechanisms, such as maintaining records of processing activities and conducting regular audits, are essential to demonstrate compliance with the Act.

Example: Financial institutions must disclose how customer data is processed and ensure regular audits to maintain data protection standards.

Security Safeguards

The DPDP Act mandates that data fiduciaries implement appropriate technical and organisational measures to ensure the security of personal data. This includes protecting data against unauthorised access, loss, destruction, or damage. Data fiduciaries must regularly review and update their security practices to address evolving threats.

Example: Companies must employ encryption, access controls, and regular security audits to protect customer data from breaches.

Data Protection Impact Assessments

Before undertaking processing activities that pose a high risk to the rights and freedoms of data principals, data fiduciaries are required to conduct Data Protection Impact Assessments (DPIAs). These assessments help identify and mitigate potential risks associated with data processing activities. DPIAs are particularly crucial for new technologies or large-scale data processing operations.

Example: A technology company developing a new AI-based service must conduct a DPIA to identify and address potential data protection risks.

Grievance Redressal Mechanism In The DPDP Act

Data Principal’s Right To Redressal

The DPDP Act establishes a robust grievance redressal mechanism to address the concerns of data principals. Individuals have the right to file complaints if they believe their data rights have been violated or if they are dissatisfied with the way their data has been handled. Data fiduciaries are required to respond to grievances within a specified timeframe, ensuring that data principals have access to timely and effective redressal.

Role Of Data Protection Officers

Data fiduciaries must appoint Data Protection Officers (DPOs) who are responsible for overseeing data protection strategies and ensuring compliance with the DPDP Act. DPOs act as a point of contact for data principals, addressing their concerns and facilitating the resolution of grievances.

Establishment Of Grievance Redressal Portal

The Act mandates the creation of an online grievance redressal portal where data principals can lodge complaints and track the status of their grievances. This portal aims to streamline the complaint process and provide timely resolutions, enhancing the overall effectiveness of the grievance redressal mechanism.

Compliance And Penalties

Compliance Requirements For Organisations

Organisations must adhere to comprehensive compliance requirements outlined in the DPDP Act. This includes maintaining records of data processing activities, conducting regular data protection audits, and implementing appropriate data security measures. Organisations must also ensure that their employees are trained on data protection practices and aware of their responsibilities under the Act.

Penalties For Non-Compliance Of The DPDP Act

The DPDP Act imposes significant penalties for non-compliance to ensure that data fiduciaries adhere to the regulations. Penalties vary based on the severity and nature of the violation, all monetary. All sums realised by way of penalties under this act shall be credited to the Consolidated Fund of India.

Roles Of The Data Protection Board

The Data Protection Board, established under the DPDP Act, is responsible for monitoring compliance, conducting investigations, and enforcing penalties for violations. The Board plays a crucial role in upholding the principles of data protection and ensuring that data fiduciaries comply with the Act.

Impact Of The DPDP Act On Businesses And Organisations

Changes Required In Data Management Practices

The DPDP Act mandates significant changes in data management practices for businesses and organisations. These changes aim to ensure that personal data is handled with the highest standards of security and transparency.

  • Data Collection and Processing: Organisations need to clearly define the purpose for which personal data is collected and ensure that it is processed only for that purpose. This requires revising data collection forms, obtaining explicit consent, and maintaining detailed records of data processing activities.
  • Data Security: Implementing robust security measures is crucial. This includes encryption of data, regular security audits, and employing advanced cybersecurity technologies to protect against breaches and unauthorised access.
  • Data Retention and Deletion: Organisations must establish clear data retention policies, ensuring that personal data is retained only as long as necessary for the intended purpose. Once the data is no longer needed, it must be securely deleted to prevent misuse.
  • Employee Training: Regular training programs for employees on data protection practices and compliance requirements are essential. Employees must be aware of their responsibilities and the implications of non-compliance.

Effect Of The DPDP Act On Different Sectors

Different sectors face unique challenges and implications under the DPDP Act due to the nature of the data they handle and the specific requirements of their operations.

  • Healthcare Sector: Healthcare providers deal with sensitive personal data, including medical records and health information. They must ensure the confidentiality and security of this data, implement strict access controls, and obtain explicit consent for data sharing.
    Example: Hospitals and clinics must implement robust electronic health record systems that comply with data protection standards, ensuring patient data is secure and accessible only to authorised personnel.
  • E-commerce Sector: E-commerce businesses collect a vast amount of personal data, including payment information, browsing history, and purchase behaviour. They must implement stringent data protection measures, secure payment gateways, and provide transparent information about data use to customers.
    Example: An online retailer must secure customer payment information through encryption and regularly update its privacy policy to reflect changes in data processing practices.
  • Banking and Financial Services: Financial institutions handle highly sensitive personal and financial data. They must ensure data integrity, implement advanced fraud detection systems, and comply with stringent data protection regulations.
    Example: Banks need to employ multifactor authentication for online banking services and conduct regular security audits to safeguard customer data.
  • Technology and IT Services: Tech companies and IT service providers often process large volumes of personal data. They must conduct data protection impact assessments, ensure compliance with cross-border data transfer regulations, and implement privacy by design in their products and services.
    Example: A tech startup developing a new app must conduct a data protection impact assessment to identify and mitigate risks associated with data processing.
  • Telecommunications: Telecom companies collect and process personal data for service provision and customer support. They must ensure data security, comply with regulatory requirements, and provide customers with transparency and control over their data.
    Example: A telecom operator must secure customer data, provide clear information about data use, and offer options for customers to manage their data preferences.

Conclusion

The Digital Personal Data Protection Act (DPDP) marks a significant advancement in India’s data privacy landscape. It empowers individuals with substantial rights over their data and places significant responsibilities on organisations. By aligning with global standards, the Act enhances trust in digital services and promotes responsible data use. Despite the challenges, businesses can leverage this opportunity to build stronger customer relationships. As the digital realm evolves, the DPDP Act will adapt, ensuring robust data protection and fostering a secure, transparent, and innovative digital environment in India.

Other Interesting Reads:

FAQs on the DPDP Act

The Digital Personal Data Protection (DPDP) Act 2024 is India’s legislation designed to protect personal data and ensure privacy. It provides individuals with rights over their personal data, such as access, correction, and deletion. The Act imposes responsibilities on organisations for lawful data processing, transparency, and robust security measures. It also regulates cross-border data transfers and includes mechanisms for grievance redressal and enforcement.

The DPDP Act enforces compliance through financial penalties. Minor breaches can incur fines up to ₹10,000. More serious violations, like failing to secure data or neglecting breach notification, can result in much steeper fines reaching up to ₹250 Crore or 4% of global turnover, whichever is higher. There are no criminal penalties under the DPDP Act.

The Digital Personal Data Protection (DPDP) Act in India, introduced in 2019, underwent extensive review and revisions before being enacted in July 2023. Implementation and compliance measures started in 2024, with ongoing updates expected.

Grievance redressal under the DPDP Act involves mechanisms for individuals to raise complaints about data breaches or violations of their data rights. Organisations must appoint a Data Protection Officer to handle complaints, and unresolved issues can be escalated to the Data Protection Board for resolution.

DPDP focuses on digital personal data, while GDPR covers all personal data. GDPR also has stricter consent requirements, demanding clear and specific user authorization. Data transfer regulations are still under development in DPDP, whereas GDPR has stricter rules. Finally, both have penalties for non-compliance, but DPDP’s maximum fine might be lower than GDPR’s.

Compliance with the DPDP Act involves implementing security safeguards, conducting Data Protection Impact Assessments, reporting data breaches, appointing a Data Protection Officer, and responding to data principal requests for access, correction, or deletion of their personal data.

The right to erasure under the DPDP Act allows individuals to request the deletion of their personal data if it is no longer necessary for the purpose it was collected, they withdraw their consent, or the data is being processed unlawfully. Organisations must comply with valid erasure requests, ensuring the data is permanently deleted or anonymised.

The right to nominate under the DPDP Act allows individuals to appoint a nominee to exercise their data protection rights in the event of death or incapacitation. This ensures continuity in the management and protection of personal data according to the individual’s wishes.

The full form of DPDP Act is the Digital Personal Data Protection Act.

A consent manager under the DPDP Act is an entity registered with the Data Protection Board that facilitates individuals in providing, managing, and withdrawing consent for the processing of their personal data across various data fiduciaries. They ensure that consent is informed, specific, and can be easily managed by the data principal.

By Abhinandan, ago
26AS Blog

What Is Form 26AS? How To Download From TRACES Portal?

What Is Form 26AS?

Form 26AS is an annual tax statement issued under Section 203AA of the Income Tax Act, 1961. It contains details of tax deducted at source (TDS), tax collected at source (TCS), advance tax paid by the taxpayer, self-assessment tax, regular assessment tax, and details of refunds received during the financial year. Essentially, Form 26AS is a consolidated tax statement that helps taxpayers cross-check the tax deducted and deposited against their Permanent Account Number (PAN).

Form 26AS is a crucial document for all taxpayers as it serves as a comprehensive record of all tax-related transactions. This form is linked to a taxpayer’s PAN and is available online through the TRACES (TDS Reconciliation Analysis and Correction Enabling System) portal.

Importance Of Form 26AS When Filling ITR

Form 26AS plays a significant role in the Income Tax Returns (ITR) taxation process by ensuring transparency and accuracy. It helps taxpayers in:

  • Verifying TDS and TCS Credits: Taxpayers can verify the tax deducted and collected by various deductors and ensure it matches the amounts reflected in their income tax returns (ITR).
  • Tracking High-Value Transactions: Form 26AS records high-value transactions, such as mutual fund investments, property purchases, and more, which aids in financial planning and compliance.
  • Claiming Tax Refunds: By cross-checking the TDS and TCS details, taxpayers can ensure they claim the correct tax refunds.
  • Ensuring Accurate Tax Filing: Form 26AS provides a comprehensive summary of all tax-related transactions, which simplifies the process of filing accurate tax returns.

To understand this further, consider a salaried individual who also earns interest from fixed deposits and rental income. Throughout the financial year, TDS is deducted from the salary by the employer, from the interest by the bank, and the rental income by the tenant (if applicable). At the end of the financial year, the individual can refer to Form 26AS to verify all TDS credits and ensure that they are accurately reflected in the ITR.

What Are The Components Of Form 26AS?

Part A: Details of Tax Deducted at Source (TDS)

Part A of Form 26AS provides a detailed summary of all TDS deducted by various deductors on income such as salary, interest, dividends, and more. This section includes the following details:

  • Name and TAN of the Deductor: The name and Tax Deduction and Collection Account Number (TAN) of the entity deducting the tax.
  • Total Amount Paid/Credited: The total income amount on which TDS was deducted.
  • Tax Deducted and Deposited: The amount of TDS deducted and deposited to the government.
  • Date of Deduction and Deposit: The dates on which the TDS was deducted and deposited.

For example, if you are a salaried employee, Part A will show the TDS deducted by your employer from your salary. If you have interest income from a bank, it will reflect the TDS deducted by the bank.

Part B: Details Of Tax Collected At Source (TCS)

Part B of Form 26AS shows the tax collected at source by sellers on specific transactions such as the sale of goods and services. This section includes:

  • Name and TAN of the Collector: The name and TAN of the entity collecting the tax.
  • Total Amount Received: The total amount on which TCS was collected.
  • Tax Collected and Deposited: The amount of TCS collected and deposited to the government.
  • Date of Collection and Deposit: The dates on which the TCS was collected and deposited.

For example, if you purchased a high-value item like a car, Part B would reflect the TCS collected by the seller.

Part C: Details Of Tax Paid (Other than TDS or TCS)

Part C details the taxes paid directly by the taxpayer, such as advance tax and self-assessment tax. This section includes:

  • Challan Identification Number (CIN): The unique number assigned to each tax payment.
  • Amount Paid: The total amount of tax paid.
  • Date of Payment: The date on which the tax was paid.

This part is particularly useful for taxpayers who make advance tax payments or self-assessments.

Part D: Details Of Paid Refund

Part D provides information on any refunds received during the financial year. This section includes:

  • Assessment Year: The year for which the refund was received.
  • Mode of Payment: The method through which the refund was received (e.g., direct bank transfer).
  • Refund Amount: The total amount of refund received.
  • Interest on Refund: Any interest paid by the Income Tax Department on the refund.

Part E: Details Of AIR Transactions

Part E contains details of high-value transactions reported by banks and financial institutions under the Annual Information Return (AIR). This includes transactions like:

  • Mutual Fund Investments: Large investments in mutual funds.
  • Credit Card Payments: High-value credit card payments.
  • Property Purchases: Transactions involving the purchase of property.

Part F: Details Of Tax Deducted On The Sale Of Immovable Property

Part F provides information on TDS deducted on the sale of immovable property. This section includes:

  • Name and PAN of the Buyer: The name and PAN of the buyer deducting the tax.
  • Amount Paid/Credited: The total amount of the transaction.
  • Tax Deducted and Deposited: The TDS amount deducted and deposited.
  • Date of Deduction and Deposit: The dates of deduction and deposit.

Part G: Defaults In TDS Or TCS By Deductors

Part G lists any defaults in TDS or TCS by deductors. This section includes:

  • Name and TAN of the Deductor/Collector: The entity responsible for the default.
  • Nature of Default: The type of default (e.g., non-payment, late payment).
  • Amount of Default: The amount involved in the default.

How To Download Form 26AS

Download Form 26AS Through TRACES

Form 26AS can be accessed online through the TRACES (TDS Reconciliation Analysis and Correction Enabling System) portal. Here’s a step-by-step guide to accessing Form 26AS via TRACES:

TRACES Homepage
TRACES Homepage
  1. Visit the TRACES Website:
  2. Login with Credentials:
    • Use your PAN (Permanent Account Number) and password to log in. If you are a new user, you will need to register first.
  3. Navigate to View Form 26AS:
    • After logging in, select the ‘View Form 26AS (Tax Credit)’ option under the ‘My Account’ tab.
  4. Select the Assessment Year:
    • Choose the assessment year for which you want to view Form 26AS.
  5. View or Download Form 26AS:
    • The form will be displayed on the screen. You can view it online or download it in PDF format for future reference.

Downloading Form 26AS Through Net Banking

Many banks provide the facility to access Form 26AS through their net banking portals. Here’s how you can do it:

  1. Login to Net Banking:
    • Log in to your bank’s net banking portal using your credentials.
  2. Locate the Tax Section:
    • Find the ‘Tax’ or ‘Income Tax’ section in the dashboard.
  3. Select Form 26AS:
    • Click on the link to view Form 26AS. You will be redirected to the TRACES website.
  4. View or Download Form 26AS:
    • After being redirected, follow the steps to select the assessment year and view or download your Form 26AS.

Benefits of Accessing Form 26AS Online

Accessing Form 26AS online offers several advantages:

  • Convenience: You can access the form anytime, anywhere, without the need to visit a tax office.
  • Real-Time Updates: The online form is updated in real-time, ensuring you have the most current information.
  • Accurate Record-Keeping: Downloading and storing the form digitally helps maintain accurate records for future reference.
  • Ease of Verification: Online access allows for easy verification of TDS and TCS credits, aiding in accurate tax filing.

Benefits Of Form 26AS

1. Ensuring Accurate Tax Filing

One of the primary benefits of Form 26AS is that it ensures accurate tax filing. By providing a comprehensive summary of all tax-related transactions, Form 26AS helps taxpayers cross-check the TDS and TCS amounts reported by various deductors. This ensures that the income and tax deductions reflected in the taxpayer’s Income Tax Return (ITR) are accurate, reducing the likelihood of errors and discrepancies.

For example, if a salaried employee also earns interest from a bank and rental income, Form 26AS will include TDS details from the employer, the bank, and the tenant. The taxpayer can use these details to verify the TDS amounts before filing the ITR, ensuring that all income and tax credits are correctly reported.

2. Verifying TDS And TCS Credits

Form 26AS allows taxpayers to verify the TDS and TCS credits claimed by various deductors. This is crucial for ensuring that the correct amount of tax has been deducted and deposited with the government. By matching the TDS and TCS amounts in Form 26AS with the taxpayer’s records, discrepancies can be identified and rectified promptly.

For instance, if a taxpayer notices a mismatch in the TDS amount deducted by their bank on interest income, they can immediately address the issue with the bank, ensuring that the correct amount is credited to their tax account.

3. Tracking High-Value Transactions

Form 26AS also includes details of high-value transactions reported by banks and financial institutions. These transactions are recorded under the Annual Information Return (AIR) and help in tracking significant financial activities, such as:

  • Mutual Fund Investments: Large investments in mutual funds.
  • Credit Card Payments: High-value credit card payments.
  • Property Purchases: Transactions involving the purchase of property.

Tracking these transactions helps taxpayers in financial planning and ensures that they are aware of the high-value activities reported to the Income Tax Department.

4. Claiming Tax Refunds

By providing a detailed summary of all TDS and TCS credits, Form 26AS helps taxpayers claim the correct tax refunds. When filing the ITR, taxpayers can refer to Form 26AS to ensure that all eligible tax credits are claimed, reducing the chances of under-claiming or over-claiming tax refunds.

Common Issues And Solutions Related To Form 26AS

1. Mismatched TDS or TCS Details

One of the most common issues faced by taxpayers is a mismatch in the TDS or TCS details in Form 26AS. This discrepancy can occur due to errors made by the deductor while reporting the TDS or TCS to the Income Tax Department. Mismatched details can lead to complications in tax filings and delays in processing refunds.

Solution
  • Verify with Deductor: Immediately contact the deductor (employer, bank, or other entity) to verify the details and request them to correct the TDS or TCS information. The deductor can rectify the mistake and submit a revised TDS or TCS statement to the Income Tax Department.
  • Correction Request on TRACES: If the mismatch persists, you can log in to the TRACES portal and request a correction. Ensure that you provide accurate information to facilitate the correction process.

2. Incorrect Personal Information

Errors in personal information such as PAN, name, or address in Form 26AS can lead to difficulties in tax filings and potential mismatches. These errors usually occur due to incorrect data entry by the deductor.

Solution
  • Update PAN Details: Ensure that your PAN details are updated with all deductors. If you notice incorrect personal information in Form 26AS, inform the deductor to make the necessary corrections.
  • Use TRACES for Corrections: Log in to the TRACES portal and request a correction in personal information. This ensures that your records are accurate and up-to-date.

3. Unreported Transactions

Sometimes, certain transactions may not appear in Form 26AS, leading to incomplete records. This could be due to the deductor failing to report the transaction or delays in updating the information.

Solution
  • Verify Transactions with Deductor: Check with the deductor to ensure that they have reported the transaction and submitted the TDS or TCS details to the Income Tax Department.
  • Cross-Check Form 26AS Regularly: Regularly monitor your Form 26AS to ensure all transactions are reported. If you find any missing transactions, follow up with the deductor for timely updates.

Importance of Addressing Issues

Timely correction of issues in Form 26AS is crucial for several reasons:

  • Accurate Tax Filing: Ensures that the details in your ITR match the TDS and TCS credits reported, preventing discrepancies.
  • Avoiding Penalties: Correcting errors promptly helps avoid potential penalties for underreporting income or tax evasion.
  • Ensuring Proper Tax Credits: Accurate Form 26AS ensures that you can claim the correct tax credits and refunds, facilitating smooth processing by the Income Tax Department.

Due Dates For Filing And Issuance Of Form 26AS

Adhering to due dates for filing and issuing Form 26AS is crucial for maintaining compliance with the Income Tax regulations. Here are the key deadlines:

  • TDS Return Filing:
    • For the quarter ending June 30: July 31
    • For the quarter ending September 30: October 31
    • For the quarter ending December 31: January 31
    • For the quarter ending March 31: May 31
  • Issuance of Form 16A and Form 16B:
    • For the quarter ending June 30: July 15
    • For the quarter ending September 30: October 15
    • For the quarter ending December 31: January 15
    • For the quarter ending March 31: May 15

These deadlines ensure that the TDS and TCS deductions are reported and the corresponding certificates are issued timely, facilitating smooth tax compliance for both deductors and deductees.

Penalties For Non-Compliance

Non-compliance with the issuance and filing of Form 26AS can attract penalties and interest charges. Here are some of the consequences:

  • Late Filing of TDS Returns:
    • A penalty of ₹200 per day for the period of delay in filing TDS returns.
    • Additional penalties ranging from ₹10,000 to ₹1,00,000 can be imposed for failure to file the return within a year from the due date or for incorrect filing.
  • Late Issuance of TDS Certificates:
    • A penalty of ₹100 per day per certificate is levied until the form is issued.
  • Incorrect Information in TDS Returns:
    • A penalty of ₹10,000 to ₹1,00,000 can be levied for furnishing incorrect information in the TDS returns, which affects the Form 26AS issued.

Conclusion

Form 26AS is an indispensable document for taxpayers in India, providing a comprehensive summary of all tax-related transactions. It serves as a vital tool for ensuring accurate tax filing, verifying TDS and TCS credits, tracking high-value transactions, and claiming tax refunds. By consolidating all tax information linked to a taxpayer’s PAN, Form 26AS simplifies the process of filing Income Tax Returns (ITR) and ensures compliance with tax regulations.

FAQs on Form 26AS

Form 26AS is an annual tax statement issued by the Income Tax Department of India. It provides a consolidated record of a taxpayer’s income, tax deducted at source (TDS), tax collected at source (TCS), advance tax, self-assessment tax, refunds, and details of high-value transactions.

To view your Form 26AS, log in to the Income Tax e-Filing Portal at https://www.incometax.gov.in/iec/foportal/ using your PAN, password, and CAPTCHA code. Navigate to ‘My Account’ and click on ‘View Form 26AS (Tax Credit)’, which redirects you to the TRACES website. Confirm to proceed, select the relevant assessment year and preferred format (HTML, PDF, or text), and then view or download your Form 26AS. For PDFs, use your date of birth in DDMMYYYY format as the password to open the file.

Form 26AS is an annual tax statement showing a taxpayer’s income, TDS, TCS, advance tax, refunds, and high-value transactions from various sources. Form 16 is a certificate from an employer detailing TDS deducted from an employee’s salary. Form 26AS is comprehensive, while Form 16 is specific to salary TDS.

The Income Tax Department of India issues Form 26AS.

To file Form 26A online:

  1. Log in to the TRACES website using your TAN and password.
  2. Select ‘Defaults’ > ‘Request for Correction’.
  3. Enter the required details (Financial Year, Quarter, Form Type) and submit.
  4. Obtain Form 27BA, signed by a Chartered Accountant.
  5. Upload the signed Form 27BA on the TRACES portal.
  6. Review and submit the form, then receive the acknowledgment receipt.

If your income is wrong in Form 26AS, contact the deductor (employer, bank, etc.) to correct the discrepancy by filing a revised TDS return. If the issue persists, raise a grievance on the Income Tax e-Filing portal under the ‘e-Nivaran’ section, and ensure you report the correct income in your Income Tax Return (ITR).

Corrections in Form 26AS usually reflect within 7-30 days after the deductor files the revised TDS return, depending on the processing time by the Income Tax Department and the TRACES system.

TDS is the tax deducted from income by an entity (e.g., employer or bank) and deposited with the government. Form 26AS is an annual statement that consolidates all tax-related information for a taxpayer, including TDS, TCS, advance tax, self-assessment tax, and refunds, providing a comprehensive view of the taxes paid and credits available.

Yes, Form 26AS is mandatory for taxpayers as it provides a comprehensive record of taxes paid, including TDS, TCS, advance tax, self-assessment tax, and refunds. It is essential for accurate tax filing and verification of tax credits.

To claim TDS not shown in Form 26AS, first verify the TDS certificate (Form 16 or Form 16A) from the deductor. Contact the deductor to correct the discrepancy by filing a revised TDS return. Wait for the updated details to reflect in Form 26AS. When filing your Income Tax Return (ITR), report the correct TDS amount using the TDS certificate details and attach the certificate as proof. If the issue persists, raise a grievance on the Income Tax e-Filing portal under the ‘e-Nivaran’ section with the relevant details and documents.

By Abhinandan, ago
AuthBridge-footer-logo2

Stay Informed

Keep yourself updated with the latest innovations in BGV & Authentication Technology from India’s leading Background Verification Company

Sign up for our newsletter

Solutions

White-collar Verification
Blue-collar Verification
KYC Solutions
AML Solution
Digital Address Verification
Risk Management
Digital Underwriting
All Solutions →

Checks

Employment Verification
Education Verification
Address Verification
Aadhaar Card Verification
Pan Card Verification
Udyog Aadhaar Verification
GST Verification
View All Checks →

Products

iBRIDGE
OnboardX
TruthScreen
SignDrive
AuthLead
WorkAttest
Vault
CorpVeda
View All Products →

Resources

Blogs
Customer Stories
Whitepapers

View all Resources →

Company

About Us

Careers
Newsroom

Investor Relations

Help Center

For Clients
For Candidates
Youtube Facebook Linkedin
AuthBridge is the #1 Authentication Company. Copyright 2023 AuthBridge, All Rights Reserved.
Request A Demo
Youtube Facebook Linkedin

Hi! Let’s Schedule Your Call.

To begin, Tell us a bit about “yourself”

The most noteworthy aspects of our collaboration has been the ability to seamlessly onboard partners from all corners of India, for which our TAT has been reduced from multiple weeks to a few hours now.

- Mr. Satyasiva Sundar Ruutray
Vice President, F&A Commercial,
Greenlam

Thank You

We have sent your download in your email.

Case Study Download

Want to Verify More Tin Numbers?

Want to Verify More Pan Numbers?

Want to Verify More UAN Numbers?

Want to Verify More Pan Dob ?

Want to Verify More Aadhar Numbers?

Want to Check More Udyam Registration/Reference Numbers?

Want to Verify More GST Numbers?