India has recently enacted a new privacy law called the Digital Personal Data Protection Act, 2023 (DPDP Act), which will replace certain provisions of existing legislation. The law will come into effect on a date to be determined the central government, and businesses will need to ensure compliance with current laws while preparing for the new legislation.
Key Features of the DPDP Act
One of the key features of the DPDP Act is its application to the processing of digital personal data. This includes data in digital form that can identify an individual. The law applies to the processing of digital personal data in India, as well as outside of India if it is connected to offering goods or services to individuals residing in India.
The DPDP Act imposes several obligations on data controllers, who are referred to as “data fiduciaries”. These obligations include obtaining consent from data subjects to process their personal data, providing notice to data subjects about the collection and processing of their data, maintaining records of consent, and implementing reasonable security safeguards to prevent data breaches. Data controllers are also required to report any personal data breaches to affected individuals and the Data Protection Board of India.
The DPDP Act also grants rights to data subjects, including the right to access their personal data, correct or delete inaccurate data, and seek grievance redressal. An independent body, the Data Protection Board of India, will be established to oversee compliance with the DPDP Act, impose penalties, investigate data breaches, and resolve grievances.
India’s new privacy law, the Digital Personal Data Protection Act, will have significant implications for businesses processing personal data in India. It introduces stricter requirements for obtaining consent, implementing security measures, and reporting data breaches. It also grants individuals more control over their personal data and establishes a regulatory authority to ensure compliance with the law. It is important for businesses to understand and adapt to the provisions of the DPDP Act in order to comply with the new requirements and protect the privacy rights of individuals.
– Digital Personal Data: Data in digital form that can identify an individual
– Data Controllers: Individuals or organizations responsible for processing personal data
– Data Subjects: Individuals whose personal data is being processed
– Data Fiduciaries: Data controllers as defined the DPDP Act
– Data Principals: Data subjects as defined the DPDP Act
– Consent Manager: Registered individual or entity responsible for managing consent requests
– Data Protection Board of India: Independent body established to oversee compliance with the DPDP Act
– Computer Emergency Response Team: Existing Indian government entity responsible for cybersecurity
– Digital Personal Data Protection Act, 2023 (DPDP Act)