14/01/2025
Few key points of Digital Personal Data Protection Act (DPDPA), India.
The Digital Personal Data Protection Act, 2023 (DPDPA) of India establishes a framework for the processing of digital personal data while safeguarding individuals' rights. Below are five key points of the Act:
1. Consent-Centric Approach:
->The Act mandates that personal data be processed only after obtaining clear, informed, and unambiguous consent from the data principal (individual).
->Consent can be withdrawn at any time, and data fiduciaries must ensure mechanisms for easy withdrawal.
2. Rights of Data Principals:
Individuals have several rights concerning their personal data, including:
->Right to Access Information: Obtain details about data processing and access their personal data.
->Right to Correction and Erasure: Request corrections to inaccurate data or deletion of their data.
->Right to Grievance Redressal: File complaints if data protection rights are violated.
3. Duties of Data Fiduciaries:
Organizations (data fiduciaries) collecting personal data must ensure:
->Transparency in data processing activities.
->Purpose limitation—data should only be processed for specified purposes.
->Adequate data security measures to prevent breaches.
Significant Data Fiduciaries (handling large volumes or sensitive data) are subject to additional obligations, such as appointing a Data Protection Officer (DPO).
4. Cross-Border Data Transfers:
The Act permits the transfer of personal data to countries notified by the Central Government as providing adequate data protection safeguards.
5. Penalties and Compliance:
->Non-compliance with the Act can result in hefty penalties, up to ₹250 crore for serious violations.
->A Data Protection Board of India is established to oversee compliance, adjudicate grievances, and impose penalties.
The DPDPA aims to strike a balance between individual privacy rights, organizational responsibilities, and the growth of the digital economy in India.
