DPDP

Uploaded by

shalinityagi112

Keynote Presentation

The Digital Personal Data Protection Act, 2023

Adv. (Dr.) Prashant Mali
Cyber & Data Protection Lawyer
www.prashantmali.com

Applicability of The DPDP 2023

Digital Personal Data Protection Act 2023

Not Applicable:
- Personal data processed by an individual for domestic purpose
- Personal data that is made or caused to be made publicly available by:
  - Data Principal
  - Authorised Person

Applicable:
- Applies to the processing of digital personal data outside the territory of India
- To the processing of digital personal data within the territory of India where personal data is collected:
  - In Digital Form
  - In Non-Digital form which is later digitised.

Source: Cyber Law Consulting (Advocates & Attorneys)

What is Personal Data?

The Digital Personal Data Protection Act, 2023 defines “Personal Data” as any data about an individual who is identifiable by or in relation to such data.

The provisions of the DPDP Act are applicable to all types of personal data and do not distinguish between sensitive personal data and critical personal data. Consequently, the requirements of the DPDP Act will be applicable to all forms of personal data, regardless of their nature or classification. This approach departs from the current Indian data protection law contained in the SPDI Rules, which distinguishes between "personal information" and "sensitive personal data or information" and prescribes progressive compliance requirements for the processing of sensitive personal data or information.

Source: Cyber Law Consulting (Advocates & Attorneys)

COMPARISON

General Data Protection Regulation (GDPR) vs. Digital Personal Data Protection Act (DPDP)

Applicability
GDPR: All kinds of Personal Data are covered by the GDPR.
DPDP: Only Digital Personal Data is covered by the DPDP.

Age for Consent
GDPR: 13-16 years, depending on the member state laws.
DPDP: According to DPDP the minimum age for consent is 18 years.

Sensitive Data
GDPR: Sensitive Personal Data is covered by the GDPR. It is defined by Art. 9.
DPDP: Sensitive Personal Data is not defined in the DPDP.

Data Processing Principles
GDPR: Art. 5 of GDPR lays down 7 data processing principles.
DPDP: DPDP mentions no such principles.

Data Localisation
GDPR: GDPR mandates strict Data Localisation.
DPDP: The concept of Data Localisation is no longer included in the DPDP.

Penalties
GDPR: 2-4% of worldwide annual turnover or 10-20 million EUR (whichever is higher).
DPDP: Penalties under the DPDP are capped at 250 crores.

Penalties credited to
GDPR: Penalties credited to affected data subjects.
DPDP: Penalties credited to Government of India.

Source: Cyber Law Consulting (Advocates & Attorneys)

OBLIGATIONS OF DATA FIDUCIARY AND SIGNIFICANT DATA FIDUCIARY

DIGITAL PERSONAL DATA PROTECTION ACT 2023

DATA FIDUCIARY OBLIGATIONS
- ENSURE ACCURACY OF DATA
- DATA BREACH: PREVENTION & NOTIFICATION
- DEVELOP AN EFFECTIVE GRIEVANCE REDRESSAL MECHANISM
- DATA RETENTION FOR ONLY AS LONG AS REQUIRED
- PUBLISH CONTACT DETAILS OF PERSON RESPONSIBLE FOR HANDLING DATA PRINCIPAL REQUESTS

SIGNIFICANT DATA FIDUCIARY OBLIGATIONS
- APPOINTMENT OF DATA PROTECTION OFFICER
- CONDUCT DATA PROTECTION IMPACT ASSESSMENT
- APPOINTMENT OF INDEPENDENT DATA AUDITOR
- PERIODIC INDEPENDENT DATA AUDIT

Source: Cyber Law Consulting (Advocates & Attorneys)

Significant Data Fiduciaries

THE CENTRAL GOVERNMENT MAY NOTIFY ANY DATA FIDUCIARY OR A CLASS OF DATA FIDUCIARIES AS SIGNIFICANT DATA FIDUCIARIES

Factors considered are:
- The volume and sensitivity of personal data processed
- Risks to the rights of Data Principal
- Potential impact on the sovereignty and integrity of India
- Risk to Electoral democracy
- Security of the State
- Public Order

Source: Cyber Law Consulting

Grounds for Processing Personal Data

Sec. 4 (1) (a): When the Data Principal provides consent.

Sec. 4 (1) (b): For any legitimate use mentioned in Sec. 7 of the Act.

Sec. 4 (2): For a “lawful purpose” in other terms for any purpose that is not expressly forbidden by law.

Source: Cyber Law Consulting (Advocates & Attorneys)

Conditions for Notice under DPDPA 2023

SEC. 5(1): The notice must inform the Data Principal about:
(1) The personal data and proposed purpose for processing.
(2) The manner in which she might exercise her rights.
(3) The manner in which a complaint can be made to the Board.

SEC. 5(2): Where consent was obtained before the commencement of the Act:
(a) the Data Fiduciary must as soon as reasonably practicable provide a notice to the Data Principal
(b) the Data Fiduciary may continue to process personal data unless the consent is withdrawn

SEC. 5(3): The Data Principal must be given the option to access the contents of the notice in English or any language mentioned in the 8th Schedule of the Constitution.

Source: Cyber Law Consulting (Advocates & Attorneys)

Penalties under DPDPA 2023

01. Failure to take reasonable security safeguards to prevent personal data breach [Sec. 8 (5)]: May extend to 250 Crores

02. Failure to notify the Board or the Data Principal about personal data breach [Sec. 8 (6)]: May extend to 200 Crores

03. Failure to observe additional obligations regarding children’s data [Sec. 9]: May extend to 200 Crores

04. Failure to observe additional obligations of Significant Data Fiduciary [Sec. 10]: May extend to 150 Crores

Note: Definition of Personal Data Breach: Any unauthorized processing of personal data or accidental disclosure, acquisition, sharing, use, alteration, destruction or loss of access to personal data, that compromises the confidentiality, integrity or availability of personal data.

Source: Cyber Law Consulting (Advocates & Attorneys)

Penalties under DPDPA 2023

05. Breach in observing duties under Sec. 15: May extend to INR. 10,000

06. Breach of any term of voluntary undertaking accepted by the Board under Sec. 32: Up to the extent applicable for the breach in respect of which the proceedings under Sec. 28 were instituted

07. Breach of any other provision or rule of the Act: May extend to 50 Crores

Source: Cyber Law Consulting (Advocates & Attorneys)

Thank You
Email: [email protected]
[email protected]
Contact No.: +91 9821763157

https://in.linkedin.com/in/prashantmali
@AdvPrashantMali

advprashantmali
@AdvPrashantMali
