Digital Personal Data Protection Act (DPDPA)

India's first comprehensive law for protecting the digital personal data of its residents.

kaykay
Sep 24, 2025 - 10:15

The DPDPA was passed in August 2023. This act aims to give individuals more control over their data while holding organizations accountable for its responsible handling.

Key Definitions

Data Fiduciary: Any person or organization that collects personal data for data processing.

Data Principal: The person whose personal data has been collected.

Significant Data Fiduciary: An organization with a high volume of data.

Data Localisation: Certain categories of personal data are to be processed in India only.

Data Sovereignty: Data is subject to the laws and governance structures of the nation where it is collected or stored.

Core Principles of DPDPA

  • Explicit and informed consent: Data Fiduciaries must obtain clear and specific consent from the Data Principal before collecting or processing their personal data.
  • Purpose limitation and data minimization: Data Fiduciaries can only collect data that is necessary for a specific and lawful purpose.
  • Data Principal rights: Data Fiduciaries must respect and protect the rights of the Data Principal.
  • Accountability: Data Fiduciaries are responsible for protecting personal data and must provide a grievance redressal mechanism.

Rights of Data Principal

  1. Right to correction and erasure of personal data.
  2. Right of grievance redressal.
  3. Right to nominate: The Data Principal can choose a nominee who will exercise all the rights of the Data Principal in case of death or incapacity.

Responsibility of Data Fiduciary 

  • The personal data and purpose for which the same is proposed to be processed.
  • The data must be stored for a limited amount of time (3 years). But if the Data Principal asks the Data Fiduciary to erase the data before 3 years, they have to delete it.
  • Before processing any personal data of a child or a person with a disability who has a lawful guardian, the Data Fiduciary should obtain consent from the guardian.
  • Personal data must be processed fairly, for a lawful purpose, and with the individual's consent.
  • Respect the rights of the Data Principal.
  • Must do a data protection impact assessment.

Penalties under DPDP

  • Rupees 10000 for Violation of duties by Data Principals (e.g., providing false information)
  • Rupees 100 crore for Failure to cease unlawful processing upon withdrawal of consent.
  • Rupees 50 crore for Failure to comply with data principal’s rights (access, correction, grievance redressal, etc.)
  • Rupees 200 crore for Violation of obligations related to children's data.
  • Rupees 200 crore for Personal data breach and failure to notify the Board and affected Data Principals.
  • Rupees 250 crore for Failure to take reasonable security safeguards to prevent a personal data breach