The Digital Personal Data Protection Act, 2023 (DPDPA-2023) is a significant piece of legislation in India that addresses the processing of digital personal data.
In August 2023, the Indian government formally enacted the DPDPA-2023 after its approval by both houses of the Indian Parliament. This marks a significant milestone as India’s first-ever privacy Act aimed at safeguarding the personal data of citizens.
The DPDPA-2023 recognizes both the right of individuals to protect their data and the need to process such data for lawful purposes. It applies to personal data collected in digital form or data collected in non-digital form but later digitized.
The act also has extraterritorial applicability, covering processing that occurs outside India but is connected to offering goods or services to Indian data subjects.
The act aims to protect the privacy and rights of data subjects. It establishes a comprehensive framework for the collection, storage, usage, and protection of personal data. Data controllers must adhere to specific principles and obligations regarding data processing.
Rights of Data Subjects: The DPDPA-2023 grants data subjects several rights, including:
The right to access personal data.
The right to rectify inaccuracies.
The right to erasure (right to be forgotten).
The right to data portability.
The right to restrict processing.
The right to object to processing.
The act defines the roles of data controllers (entities that determine the purpose and means of processing) and data processors (entities that process data on behalf of controllers). Controllers must ensure compliance with data protection principles and obtain informed consent from data subjects.
The DPDPA-2023 mandates that certain categories of personal data must be stored and processed only within India. This provision aims to enhance data security and sovereignty.
Organizations must promptly report any personal data breaches to the relevant authorities and affected data subjects. The act specifies the procedures for reporting and handling breaches.
Non-compliance with the DPDPA-2023 can result in significant penalties. The act establishes a Data Protection Authority responsible for enforcement, investigations, and monitoring.
The DPDPA-2023 sits alongside other new digital policy initiatives, including the Indian Telecommunications Act, the Digital India Act, and the National Data Governance Policy.
While the act does not set out a defined transition period, its provisions are expected to become effective in a phased manner.
In summary, the Digital Personal Data Protection Act of 2023 seeks to strike a balance between individual privacy rights and legitimate data processing needs, ensuring a robust data protection regime in India.