The Digital Personal Data Protection (DPDP) Act, 2023 applies to the processing of digital personal data within the territory of India collected online or collected offline and later digitized. It is also applicable to processing digital personal data outside the territory of India, if it involves providing goods or services to the data principals within the territory of India.

The kind and volume of personal data that is gathered, stored, processed, retained, and eliminated in India means that the act is anticipated to affect most organizational areas, including legal, IT, human resources, sales and marketing, procurement, finance, and information security. Therefore, in light of the DPDP Act, 2023, organizations in these and related sectors need to create a robust program for implementing data privacy and protection.

For the sake of compliance, the following definitions are important to know:

  1. Personal Data : Any data about an individual who is identifiable by or in relation to such data.
  2. Digital Personal Data: Personal data in digital form. Even “scanned paper records” also become “digital personal data”.
  3. Data : Data means a representation of information, facts, concepts, opinions or instructions in a manner suitable for communication, interpretation or processing by human beings or by automated means.
  4. Data Fiduciary: Data Fiduciary means any person who alone or in conjunction with other persons determines the purpose and means of processing of personal data. They are responsible and accountable for protection of personal data collected/created by them, or shared with them.
  5. Data Processor: Data Processor means any person who processes personal data on behalf of a data fiduciary. They are responsible and liable for the protection of personal data, captured by them, or shared with them, in relation to the business agreement with the Data Fiduciary.

The penalty clause in the DPDP Act is another noteworthy aspect. Data fiduciaries who violate the provisions face fines of up to INR 250 crore.

In our upcoming article, we will throw more light on the nitty gritty of this upcoming law. This act, which will be in force once the Government Of India publishes a notification in the Official Gazette, is a landmark piece of legislation that gives Indian citizens similar rights to privacy as those enjoyed by European residents.

Businesses need to start getting ready for cybersecurity so that they can handle and manage customer data in a way that is both compliant and safe. Given the current scarcity of cybersecurity experts, sophisticated, AI-powered automated solutions will be necessary to complete the task.

, , , , , , ,