What is DPDPA (Digital Personal Data Protection Act)?
The Digital Personal Data Protection Act is India's comprehensive data privacy law enacted in 2023, governing the processing of digital personal data with an emphasis on consent, data fiduciary obligations, and the rights of data principals.
The Digital Personal Data Protection Act (DPDPA) is India's landmark privacy legislation that establishes a framework for processing digital personal data. It applies to personal data collected in digital form or digitized after collection, covering both data processed within India and data processed outside India if it relates to offering goods or services to individuals in India.
The DPDPA introduces the concept of Data Fiduciaries (entities that determine the purpose and means of processing) and Data Principals (the individuals whose data is processed). It mandates that processing must be based on consent or certain legitimate uses, and grants Data Principals rights including access to information, correction and erasure, grievance redressal, and nomination. The Act also creates the Data Protection Board of India as the enforcement authority.
Significant Data Fiduciaries face additional obligations including appointing a Data Protection Officer based in India, conducting Data Protection Impact Assessments, and periodic audits. Penalties for non-compliance can reach up to 250 crore rupees (approximately 30 million USD). Organizations operating in India should leverage platforms like IQWorks to automate consent management through ConsentIQ and ensure comprehensive data discovery with DiscoverIQ to meet DPDPA requirements.
Related Terms
Data Fiduciary
A Data Fiduciary under India's DPDPA is any person or entity that alone or in conjunction with others determines the purpose and means of processing digital personal data, analogous to a data controller under the GDPR.
Data Principal / Data Subject
A Data Principal (under India's DPDPA) or Data Subject (under the GDPR) is the individual whose personal data is being collected, processed, or stored by an organization.
Significant Data Fiduciary
A Significant Data Fiduciary is a designation under India's DPDPA for Data Fiduciaries that process large volumes of personal data, carrying additional obligations including appointing a DPO and conducting impact assessments.
DPDPA Chapter III (Rights of Data Principal)
Chapter III of India's DPDPA establishes the rights of Data Principals including the right to information, correction, erasure, grievance redressal, and nomination, forming the core of individual data protection under Indian law.
Consent Management
Consent management is the systematic process of obtaining, recording, tracking, and managing individuals' consent for the collection and processing of their personal data in compliance with privacy regulations.