About DPDPA - comply✓dpdpa.com

What is the DPDPA?

The Digital Personal Data Protection Act, 2023 (DPDPA) is India's comprehensive data protection legislation that establishes a framework for the processing of digital personal data in India.

The Act recognizes the right of individuals to protect their personal data and the need to process such personal data for lawful purposes. It sets out obligations for organizations (data fiduciaries) that process personal data and rights for individuals (data principals) whose data is being processed.

Key Provisions

Individual Rights

The Act grants individuals several rights including:

Right to access personal data
Right to correction and erasure
Right to grievance redressal
Right to nominate a representative

Organizational Obligations

Data fiduciaries must:

Obtain consent before processing
Implement security safeguards
Notify data breaches
Appoint a Data Protection Officer (if required)

Consent Requirements

Consent must be:

Free, specific, informed, and unambiguous
Given for a specific purpose
Capable of being withdrawn
Obtained through clear notice

Penalties

Non-compliance can result in:

Fines up to ₹250 crores
Additional penalties for breaches
Legal action by data principals
Reputational damage

Who is Covered?

Data Fiduciaries

Any person, company, or entity that determines the purpose and means of processing personal data. This includes:

Businesses processing customer data
Employers processing employee data
Service providers handling user data
Government entities processing citizen data

Data Principals

Individuals whose personal data is being processed. They have rights under the Act including:

Right to know what data is collected
Right to access their data
Right to correct inaccurate data
Right to delete their data
Right to withdraw consent

Ready to Ensure Compliance?

Take our self-assessment or request a consultation to understand your compliance requirements.

Start Self-Check Request Consultation

About the DPDPA