This content is restricted.
Brief
Summary:
The Digital Personal Data Protection Act, 2023 (DPDPA) is India's first comprehensive data protection regulation, aiming to recognize individuals' right to protect their data while balancing the need for data processing under certain grounds. The Act applies to organizations processing personal data in digital form, excluding physical form. Key features include:
Definitions of new terms, such as Data Fiduciaries, Data Principals, and Data Processors
Grounds for processing personal data: lawful purpose, consent, and legitimate uses
Notice and consent framework, with Consent Managers facilitating the process
Obligations of Data Fiduciaries, including ensuring data accuracy, security, and deletion
Rights of Data Principals, including access, correction, grievance redressal, and nomination
Exemptions, including government instrumentalities and research-related activities
Data breach notification and penalties, with fines up to INR 250 Crore
Appointment of Data Protection Officers and Data Protection Impact Assessments (DPIAs) for Significant Data Fiduciaries
* Penalties for non-compliance, including fines up to INR 200 Crore
The DPDPA aims to overhaul the standard of data protection in India, requiring organizations to prepare in advance to ensure business interests are not hampered.
Highlights content goes here...
RADA.AI
Hello! I'm RADA.AI - Regulatory Analysis and Decision Assistance. Your Intelligent guide for compliance and decision-making. How can i assist you today?
Suggested
