DPDP Compliance Guide: What India's Data Protection Law Means for Your Business
Understanding DPDP Act 2023
The Digital Personal Data Protection (DPDP) Act 2023 represents India's most comprehensive data protection legislation, establishing rights for data principals and obligations for data fiduciaries.
Key Provisions
Data Principal Rights
Under the DPDP Act, individuals have the right to access information about their personal data, the right to correction and erasure, and the right to nominate a representative in case of death or incapacity.
Consent Requirements
Organizations must obtain clear, specific consent for data processing. Consent requests must be in plain language and allow granular opt-in for specific purposes.
Data Fiduciary Obligations
Data fiduciaries must implement reasonable security measures, notify the Data Protection Board and affected individuals in the event of a breach, and ensure data accuracy.
Significant Data Fiduciaries
Organizations designated as Significant Data Fiduciaries face additional obligations, including data protection impact assessments, data audits, and the appointment of a Data Protection Officer.
Compliance Roadmap
- Data mapping and inventory
- Privacy notice updates
- Consent management implementation
- Breach response procedures
- Staff training programs
Penalties
Non-compliance can result in penalties of up to ₹250 crore for a single violation. Board findings can result in penalties of up to ₹10,000 crore in aggregate.
