THE DIGITAL PERSONAL DATA PROTECTION (DPDP) ACT, 2023
The Digital Personal Data Protection (DPDP) Act, 2023, represents a significant step for India in the realm of data protection. As India’s first comprehensive data protection law, the DPDP Act establishes a robust legal framework for managing personal data within and outside the country, emphasizing the protection of digital personal data processed by entities operating in India. This is particularly relevant in our technology-driven age, where data privacy is crucial for both individuals and organizations.
► Key Features of the DPDP Act, 2023:
Application and Scope: The DPDP Act applies to all processing of digital personal data collected both online and offline, as long as the data is digitized. It also extends to entities outside India that process personal data in the context of offering goods or services to individuals within India.
Significant Data Fiduciary (SDF): The act introduces the concept of a Significant Data Fiduciary based on the volume and sensitivity of data processed. SDFs are required to fulfill specific responsibilities such as appointing a Data Protection Officer in India, conducting Data Protection Impact Assessments, and ensuring audits by independent data auditors.
Citizens’ Rights: The Act enhances the rights of individuals (referred to as data principals) by granting them various controls over their personal data. These rights are central to empowering citizens and ensuring their data is handled responsibly.
Penalties: The Act outlines severe penalties for non-compliance, with fines reaching up to INR 250 crore for various breaches. These stringent penalties underscore the seriousness of adhering to the data protection standards set forth in the Act.
Exclusions: Certain types of data are excluded from the Act's provisions, such as non-automated personal data, offline data not digitized, and data existing for more than 100 years.
Sectoral Impact: The DPDP Act affects numerous sectors that handle significant amounts of personal data, such as legal, IT, human resources, and marketing. Companies in these sectors must develop comprehensive data protection programs to comply with the new regulations.
The DPDP Act's introduction is a pivotal moment for data protection in India, signaling a shift towards more stringent data governance and privacy practices. Organizations operating within its jurisdiction will need to assess and possibly overhaul their current data handling procedures to align with the new legal landscape.
SRIRAM’s
Share:
Get a call back
Fill the below form to get free counselling for UPSC Civil Services exam preparation