Digital Personal Data Protection (DPDP) Act, India
Understanding India's Landmark Data Privacy Law
Introduction to DPDP Act
Comprehensive Framework
India's first comprehensive data protection law passed in 2023, aiming to protect personal data while enabling digital growth.
Global Inspiration
Based on international frameworks like GDPR (EU) but specifically tailored for India's unique digital landscape.
Why DPDP Act?
Rising Digital Risks
Increasing digital transactions and data breaches highlighted the need for stronger protection beyond the IT Act, 2000.
Constitutional Recognition
The Supreme Court's landmark 2017 judgment in Justice K.S. Puttaswamy case recognized Right to Privacy as a fundamental right.
Key Definitions
Data Principal
Individual whose data is processed (e.g., users, customers).
Data Fiduciary
Entity processing data (e.g., companies, government).
Consent
Must be free, informed, specific, and revocable.
Significant Data Fiduciary
Large-scale processors with additional obligations.
7 Key Principles of DPDP
Lawful, Fair & Transparent
Processing must follow legal requirements with clear disclosure.
Purpose Limitation
Data used only for specified purposes.
Data Minimization
Collect only necessary information.
Accuracy
Maintain correct and updated data.
Storage Limitation
Retain data only for required period.
Security Safeguards
Implement measures to prevent breaches.
Accountability
Fiduciaries responsible for compliance.
Rights of Individuals (Data Principals)
Right to Access
Individuals can request to see what personal data is being processed.
Right to Correction & Erasure
Ability to update inaccurate data or request deletion.
Right to Grievance Redressal
Process to address complaints about data handling.
Right to Nominate
Appoint a representative in case of incapacity or death.
Obligations of Organizations
Appoint Data Protection Officer
Significant fiduciaries must designate a DPO to oversee compliance.
Notify Breaches
Report data breaches to authorities and affected users promptly.
Privacy by Design
Embed data protection safeguards into systems from inception.
Data Protection Impact Assessment
Conduct DPIA for high-risk processing activities.
Penalties for Non-Compliance
Exemptions
Government Agencies
National security and public order
Research/Archival Purposes
Academic and historical preservation
Manual Processing
Non-digital data handling
Impact on Businesses
Advantages
- Boosts user trust
- Ensures global compliance
- Creates data governance standards
Challenges
- Increased compliance costs
- Need for restructuring data systems
- Implementation complexities
Comparison with GDPR
DPDP covers personal data while GDPR includes both personal and sensitive data. DPDP penalties reach ₹250 crore versus GDPR's €20M or 4% turnover. DPDP requires parental consent for under 18, while GDPR sets the threshold at 16.
Challenges & Criticisms
Government Exemptions
Broad exemptions for government agencies may undermine privacy protections.
Enforcement Clarity
Mechanisms for implementation and enforcement need further clarification.
SME Burden
Small and medium enterprises face disproportionate compliance costs.
Next Steps for Compliance
1
Audit
Review current data collection practices and identify gaps.
2
Update Policies
Revise privacy policies and implement valid consent mechanisms.
3
Train Employees
Educate staff on DPDP requirements and compliance procedures.
Conclusion
Privacy Protection
DPDP represents a significant step forward for privacy rights in India
Balanced Approach
Aims to protect individual rights while enabling digital innovation
Stakeholder Preparation
All parties must prepare for compliance requirements
Q&A
Thank you! Any questions?
Contact Us
Phone Numbers +91-8070480704,+91-9820571396
+91-8070480704, +91-9820571396
Email €;- TIWARIMAHENRA@GMAIL.COM
Address :- SHOP NO. 11, G-10, Janta Housing Complex, JesL Prk, Bhayander (east), Thane - 401105.
Shop No.10, G-10, Janta Housing Complex, Jesal Park, Bhayanader (East), Thane - 401105