The Digital Personal Data Protection Act (DPDPA) of 2023 is India’s key legislation for safeguarding personal data in the digital age. It also introduces penalties for data breaches and establishes the Data Protection Board as the enforcement authority. The Act is part of India’s broader effort to enhance digital privacy and security.
India’s privacy law differs from GDPR and similar regulations in that it doesn’t specifically define what can be categorized as sensitive data. However, the government may introduce classifications for personal data categories in the future. The enforcement of the DPDP Act is overseen by the Data Protection Board (DPB), with the Telecom Disputes Settlement and Appellate Tribunal serving as the body for handling appeals.
Data Fiduciaries have several key responsibilities under the DPDP Act to ensure the protection and proper handling of personal data:
- Collect only the data necessary for the specific purpose, and delete it when it is no longer needed or when consent is withdrawn. Ensure that Data Processors do the same.
- Use personal data only for the purpose for which consent was obtained. However, processing without express consent is allowed if the data was provided voluntarily and no objection to its processing was made.
- Provide clear, accessible privacy notices in English and other languages listed in the 8th schedule of the Indian Constitution. These notices should include details about the data collected, its purpose, consumer rights, and procedures for revoking consent and filing complaints.
- Obtain and manage consent from Data Principals before processing their data, unless processing is for legitimate purposes or is exempted by the Act. The process for withdrawing consent should be straightforward and convenient.
- Implement strong technical and organizational safeguards to prevent data breaches and ensure compliance with privacy laws. In case of a breach, report the incident to the Data Protection Board and notify affected individuals within a reasonable timeframe.
- Adhere to any government restrictions on transferring data to specific countries and ensure all third parties involved in data processing comply with the DPDP Act.
Category | India DPDP Act | EU GDPR |
---|---|---|
Enforcement Authority | Data Protection Board (DPB) | European Data Protection Board (EDPB), EU Commission, and National Data Protection Authorities |
Applicability | Applies to anyone processing digital personal data within India, or overseas if offering goods or services to people in India. | Applies to any entity processing personal data (including non-digital) of individuals in Europe, regardless of where the company is based. |
Rights of Individuals | Right to access; right to erasure; right to correct, update, and complete; right to withdraw consent; right to grievance redressal; right to nominate | Right to access; right to delete; right to portability; right to object; right to correct; right to restrict processing |
Consent | Must be free, specific, informed, unambiguous, and unconditional. | Must be free, specific, informed, and unambiguous. |
Verifiable Consent | Required for children and persons with disabilities. | Required for children. |
Lawful Basis for Processing | Consent; legitimate interest | Consent; contractual obligation; legal obligation; vital interests; public task; legitimate interests |
Data Breach Notification | All breaches must be reported. | Only breaches that threaten the rights and freedoms of data subjects must be reported. |
Right to Data Portability | No right to portability. | Individuals have the right to portability. |
Private Right of Action | Yes, individuals can take legal action. | No private right of action. |
Penalties | Penalties can reach up to INR 250 crore (~ €27.6 million). | Penalties can be up to €20 million or 4% of annual global turnover, whichever is higher. |
miniOrange provides comprehensive solutions that align with the requirements of the Digital Personal Data Protection Act (DPDPA) of 2023. With a focus on Identity and Access Management (IAM), miniOrange ensures that organizations can securely manage and protect personal data, adhering to the principles of data minimization, purpose limitation, and consent management.
Our tools include advanced security measures like Multi-Factor Authentication (MFA), Single Sign-On (SSO), and Privileged Access Management (PAM), helping businesses prevent data breaches and comply with both Indian and global data privacy regulations. Additionally, miniOrange offers robust compliance management features that assist in responding to data principal requests, managing verifiable consent, and ensuring the accuracy and integrity of data, all while minimizing the risk of penalties under the DPDP Act.