The Digital Personal Data Protection Act (DPDPA), 2023, commonly known as the 'Privacy Law' or the 'Data Protection Law', received the Honourable President's approval on August 11, 2023. This landmark legislation focuses on ensuring accountability in handling digital personal data and emphasises the importance of explicit and transparent consent for data collection, processing, and storage. The Act represents a paradigm shift that will redefine how businesses operate by introducing stringent data protection and privacy measures that align seamlessly with global standards.
Key highlights of the DPDPA
Key highlights of the DPDPA
Scope: Establishes a comprehensive legal framework for digital personal data management, regulating data from collection to disposal.
Key stakeholders: Data principal, data processor, data fiduciary (including significant data fiduciary with greater responsibilities).
Rights of data principals: Access, erasure, rectification, withdrawal of consent, grievance redressal.
Consent mechanisms: Establishes processes for obtaining and managing consent for data processing.
Security safeguards: Details measures to protect personal data.
Restrictions on processing children's data: Regulations for collecting and using data about minors.
Additional obligations for significant data fiduciaries: Imposes extra responsibilities on major data handlers.
Powers of the Data Protection Board: The Board has the authority to address breaches, investigate and enforce penalties (up to INR 250 crore).
What our leaders have to say
"DPDPA is the big shift towards enabling India’s digital economy and its innovation ecosystem - laying the groundwork for a data-driven business environment that thrives on creating investor value, improving organisational culture and enhancing customer trust."
Vishesh C Chandiok, Chief Executive Officer, Grant Thornton Bharat
"India’s privacy era ushers in fresh opportunities for businesses in the realm of technology enablement and transformation. Responsible adoption will be key towards striking a fine balance between innovation and privacy."
Deepankar Sanwalka, Senior Partner, Grant Thornton Bharat
Impact of DPDPA
The DPDP Act establishes a uniform and standardised approach to data protection. However, it will have a widespread impact on various sectors -
- Customer profiling, authentication, sensitive data
- Process outsourcing - fintech partnerships, data processing, product alliances
- Risk management - credit, AML, fraud, insurance
- Financial information and transaction data
- Travel itinerary
- Payment information
- Reservation information
- Guest feedback
Transforming challenges into business opportunities
Digital Personal Data Protection Act (DPDPA), 2023
The Act is set to have a widespread impact across various sectors, given that nearly every sector, in one way or the other, handles personal and sensitive data