
UnComplycate The Digital Personal Data Protection Act - Compliances

The Digital Personal Data Protection Act establishes guidelines for processing personal data in India. It aims to protect individuals' data while allowing for legitimate data use. The Act is based on seven principles including transparency, purpose limitation, and data security. It categorizes stakeholders as Data Principals (individuals) and Data Fiduciaries (entities collecting data). The Act grants rights to Data Principals like accessing their data and requires Data Fiduciaries to obtain consent, ensure protections, respond to grievances, appoint data officers, and notify about breaches. Non-compliance can result in penalties up to 250 crore rupees.

Uploaded by

Shubhra Shastri

Key compliances under the Digital Personal Data Protection Act, 2023

The Digital Personal Data Protection Act, 2023 (the Act) has been introduced to establish guidelines for the processing of Digital Personal
Data in a manner that upholds individuals' right to safeguard their personal information, while also recognizing the necessity of processing
such data for legitimate purposes. The Act applies to personal data, which is collected in digital form or non-digital data which is digitized
subsequently and represents a comprehensive effort to balance the protection of personal data with the promotion of a thriving digital
landscape in India.

Principles of the Act

The Act is based on the following seven principles:

• Transparency: Consented, lawful and transparent use of personal data
• Purpose limitation: Use of personal data only for the purpose specified at the time of obtaining consent of the Personal Data provider
• Data minimization: Collection of only as much personal data as is necessary to serve the specified purpose
• Data accuracy: Ensuring data is correct and updated
• Storage limitation: Storing data only till it is needed for the specified purpose
• Security safeguards: Ensuring safety of personal data being collected
• Accountability on data breaches: Imposition of penalties for the breaches

Key stakeholder categories under the Act

Data protection encompasses a range of privacy laws, regulations, and practices designed to minimize privacy breaches resulting from the
collection, storage, and sharing of personal data. Any data or information that could be employed to identify a specific individual, whether
obtained by a commercial entity, corporation, or other organization, is referred to as ‘Personal Data’. Broadly speaking, the Act categorizes
all stakeholders in the data collection, processing and storage ecosystem into two categories:

• Data Principals: This refers to the individual from whom Personal Data is being collected. In cases where the individual is:
  - A child, this encompasses the parents or legal guardian of said child
  - A person with disabilities, this includes her lawful guardian, acting on her behalf
• Data Fiduciaries: This refers to any person, entity or agency collecting personal data from the Data Principal. Examples of Personal Data
  being procured by Data Fiduciaries:
  - Banking & investments, e-commerce & social media websites and applications
  - Issuance of Appointment Letters & on-boarding of employees
  - Invoicing purposes
  - Life Insurance purchase
  - Medical transactions
  - Obtainment of registrations & licenses

Rights and obligations of Data Principals and Data Fiduciaries under the Act

Rights of Data Principal under the Act

• Right to obtain a summary of personal data which is being processed
• Right to obtain any other information related to the personal data provided
• Right to correction, completion, updating and erasure of personal data
• Right to grievance redressal
• Nomination rights in event of death or incapacity of the Data Principal

Compliance obligations of Data Fiduciaries

• Collection of Personal data – Consent from Data Principal: For collection of personal data from the Data Principal, the Data Fiduciary
  must provide a notice detailing the purpose of collecting personal data and intimate the rights entitled to the Data Principal upon
  providing Personal Data. Specific, informed, unconditional and unambiguous consent must be obtained from the Data Principal before
  using the Personal Data being procured.
  NOTE: Erase personal data when it is no longer needed for the specified purpose or in cases where consent has been withdrawn by the
  Data Principal
• Protection of Personal Data: Adequate safety measures should be in place to prevent breaches of personal data when engaging,
  appointing, or using external agencies for processing of this personal data.
• Grievance Redressal System: Establish effective Grievance Redressal mechanisms to address the grievances of Data Principal.
• Data Protection Officer: Appoint and publish the business contact information of a Data Protection Officer to answer the questions, if
  any, raised by the Data Principal about the processing of personal data.
• Data Auditor: Regularly conduct audits through a Certified Auditor to evaluate the compliance of the Data Fiduciary.
• Data Protection Impact Assessment: Assessment and management of the risk to the rights of the Data Principals.
• Data Breaches: Intimation to the Data Protection Board of India (when constituted) and to each affected individual (Data Principal)
  for breach of Data.

Penalty under the Digital Personal Data Protection Act, 2023

• In case of breach of any of the provisions of the Act, penalty may vary from INR 50 to 250 crore.

This Act addresses concerns voiced by the different stakeholders and has a plethora of safeguards built in, such as prohibition on data
processing that poses risks to children's well-being, including tracking, behavioral monitoring, or targeted advertising involving them. In
keeping with the times, the Act seeks to eliminate gender bias utilizing the pronoun ‘she’ for the very first time, instead of ‘he’ to address
individuals. The Act will compel businesses to think through the compliance obligations in order to avoid adverse consequences.
