The Digital Personal Data Protection Act (DPDP)

  1. Home /
    2. Cyber Security /
  2. The Digital Personal Data Protection Act (DPDP)
The Digital Personal Data Protection Act (DPDP)
Cyber Security Information Security Uncategorized

The Digital Personal Data Protection Act (DPDP)

Commonly Known as the ‘Privacy Law’ or the ‘Data Protection Law’, the Digital Personal Data Protection Act (DPDPA) of 2023, is approved by the Honourable President on August 11, 2023. This act is going to align India’s data protection and privacy protocols with global standards. The business practices are going to be redefined by placing strong emphasis on accountability in the management of digital personal data, highlighting the necessity of clear and transparent consent for activities such as data collection, processing, and storage.

While rooted in familiar principles of control and transparency, the DPDPA introduces distinctive elements not found in other privacy legislations. Let’s delve into some of these intriguing features:

Data Protection Impact Assessments (DPIAs) is not a universal mandate for DPDPA. Its mandatory only for the business / companies categorized as “Significant Data Fiduciaries.” A data fiduciary is an organization that collects and processes personal data and is responsible for its security and confidentiality. Data fiduciaries determine the purpose and means of processing data and may be involved in the processing itself. 

The responsibility for data security breaches falls firmly on the Data Fiduciary. The Organizations are required to adopt stringent security protocols and develop strategies to handle any security breaches that compromise consumer data. The Data Fiduciary bears responsibility for the security of data being processed by a Data Processor on its behalf.

DPDPA Empowers individuals (data principals) through a range of rights regarding their personal data as well as acknowledges their responsibilities. Data principals are advised to provide accurate information while submitting the data and to avoid unreasonable demands of data fiduciaries. Data Principals should not impersonate another person while providing their personal data for a specified purpose. They can be held liable for impersonating another individual under the DPDPA.

Consent Manager concept is a unique element of the DPDPA. A consent manager – an individual or a specialized corporate entity – is responsible for the process of collecting and managing consent for personal data collection and utilization. This role is for to add an extra layer of accountability to guarantee the consent meets the criteria of being is freely given, specific, informed, and unambiguous.

Right to withdraw their consent to the processing of their personal data is with the individuals (Data Principals) at any time. The Digital Personal Data Protection Act (DPDP) says the withdrawal process must be as easy as the process for giving consent, such as by providing a link to unsubscribe.

Huge penalties are imposed for non-compliance ranging from ₹10,000 to ₹250 crores, depending on the nature of the violation. The penalties are categorized based on the severity of the violation, ranging from fines for individual breaches to significant penalties for security and data breach violations.

To know more about the categories of Significant Data Fiduciaries and the clauses, email  us on mahesh@principles.co.in , shinajsk@principles.co.in .