Digital Personal Data Protection Act (DPDPA), 2023

The Digital Personal Data Protection Act, 2023 marks a significant milestone in India’s journey toward a rights-based and accountable data protection framework. It aims to regulate the processing of digital personal data in a manner that recognizes both the right to privacy of individuals and the need to process data for lawful purposes.


Key Definitions

1. Data Principal
The individual to whom the personal data relates.

2. Data Fiduciary
Any entity (company, organization, government body) that, alone or together with others, determines the purpose and means of processing personal data.

3. Consent Manager
An entity registered with the Data Protection Board that acts as a single point of contact through which data principals give, manage, review and withdraw consent in a transparent manner.

Core Principles of the DPDPA

Lawful and Transparent Processing
Personal data may be processed only for a lawful purpose, and only with the consent of the data principal or for one of the "legitimate uses" the Act expressly lists (for example, a purpose for which the principal voluntarily provided the data, or compliance with a legal obligation).

Purpose Limitation
Data must be used only for the specified purpose for which it was collected; consent given for one purpose does not cover another.

Data Minimization
Only data necessary for the intended purpose should be collected.

Accuracy
Reasonable efforts must be made to ensure that data is accurate, complete and up to date.

Storage Limitation
Data should not be retained once the specified purpose is served or consent is withdrawn, unless retention is required by law.

Security Safeguards
Fiduciaries must implement reasonable technical and organizational safeguards to prevent unauthorized processing and personal data breaches, including for processing carried out by their data processors.

Accountability and Grievance Redressal
Fiduciaries are accountable for compliance and must provide mechanisms for individuals to address grievances.

Rights of the Data Principal

1. Right to Access Information: Obtain a summary of the personal data being processed, how it is used, and the identities of other fiduciaries with whom it has been shared.

2. Right to Correction and Erasure: Get personal data corrected, completed, updated or deleted.

3. Right to Grievance Redressal: Lodge complaints with the data fiduciary or consent manager first, and with the Data Protection Board if they are not resolved.

4. Right to Withdraw Consent: Revoke previously given consent at any time, as easily as it was given; processing based on that consent must then stop.
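The principles above (purpose limitation, storage limitation, withdrawal of consent) translate into concrete checks that have to run before every processing step. The following is an added illustration, not GoTrust's code and not part of the original page: a minimal consent ledger that binds each consent to one purpose and one retention period, records withdrawals with a timestamp, refuses processing for any purpose that has no active consent, and lists records that are due for erasure. It models consent-based processing only; the Act's "legitimate uses" that do not need consent are out of scope. All identifiers, purposes and retention periods are made up for the example.

```python
"""Added example (not GoTrust code): a consent ledger that gates processing
on purpose-bound, unexpired, unwithdrawn consent and keeps an audit trail."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple


@dataclass
class ConsentRecord:
    principal_id: str
    purpose: str                  # the single purpose this consent covers
    granted_at: datetime
    retention: timedelta          # how long data may be kept for this purpose
    withdrawn_at: Optional[datetime] = None

    def is_active(self, now: datetime) -> bool:
        return self.withdrawn_at is None and now < self.granted_at + self.retention


class ConsentLedger:
    """Current consent state per (principal, purpose) plus an append-only audit log."""

    def __init__(self) -> None:
        self._consents: Dict[Tuple[str, str], ConsentRecord] = {}
        # (timestamp, event, principal_id, purpose); never edited, only appended to
        self.audit: List[Tuple[datetime, str, str, str]] = []

    def grant(self, principal_id: str, purpose: str, now: datetime, retention: timedelta) -> None:
        self._consents[(principal_id, purpose)] = ConsentRecord(principal_id, purpose, now, retention)
        self.audit.append((now, "grant", principal_id, purpose))

    def withdraw(self, principal_id: str, purpose: str, now: datetime) -> bool:
        """Record a withdrawal. Returns False if there was nothing active to withdraw."""
        rec = self._consents.get((principal_id, purpose))
        if rec is None or rec.withdrawn_at is not None:
            return False
        rec.withdrawn_at = now
        self.audit.append((now, "withdraw", principal_id, purpose))
        return True

    def may_process(self, principal_id: str, purpose: str, now: datetime) -> Tuple[bool, str]:
        """The gate every processing step must pass. Returns (allowed, reason)."""
        rec = self._consents.get((principal_id, purpose))
        if rec is None:
            return False, "no consent for this purpose (purpose limitation)"
        if rec.withdrawn_at is not None:
            return False, "consent withdrawn"
        if now >= rec.granted_at + rec.retention:
            return False, "retention period elapsed (storage limitation)"
        return True, "ok"

    def due_for_erasure(self, now: datetime) -> List[Tuple[str, str]]:
        """(principal, purpose) pairs whose consent is withdrawn or expired."""
        return [key for key, rec in self._consents.items() if not rec.is_active(now)]


T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)   # constructed reference time


def demo() -> dict:
    """Walk one made-up principal through grant, denial, withdrawal and expiry."""
    ledger = ConsentLedger()
    ledger.grant("user-42", "order_fulfilment", T0, timedelta(days=365))
    ledger.grant("user-42", "marketing", T0, timedelta(days=30))

    out = {}
    out["fulfilment_ok"] = ledger.may_process("user-42", "order_fulfilment", T0 + timedelta(days=1))
    # A purpose that was never consented to is refused even though other consents exist.
    out["analytics_denied"] = ledger.may_process("user-42", "analytics", T0 + timedelta(days=1))
    ledger.withdraw("user-42", "marketing", T0 + timedelta(days=2))
    out["marketing_after_withdraw"] = ledger.may_process("user-42", "marketing", T0 + timedelta(days=3))
    # Even an active, unwithdrawn consent stops working once its retention window ends.
    out["fulfilment_after_retention"] = ledger.may_process("user-42", "order_fulfilment", T0 + timedelta(days=400))
    out["to_erase"] = ledger.due_for_erasure(T0 + timedelta(days=400))
    out["audit_events"] = [event for _, event, _, _ in ledger.audit]
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The point of keying consent on (principal, purpose) rather than on the principal alone is that purpose limitation becomes a lookup failure instead of a policy document: code that wants to use order data for analytics cannot get a "yes" without a separate consent record. The audit list is what a grievance or Board enquiry would be answered from, so it is only ever appended to.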

Obligations for Organizations (Data Fiduciaries)

1. Obtain free, specific, informed and unambiguous consent before processing, preceded by a notice stating what data is collected and for what purpose.

2. Appoint a Data Protection Officer based in India (for Significant Data Fiduciaries).

3. Observe restrictions on transfers of personal data outside India: the Act permits transfer except to countries the Central Government notifies, with detailed conditions left to rules yet to be issued.

4. Notify personal data breaches to the Data Protection Board and each affected individual, in the form and within the time the rules prescribe.

5. Maintain records of processing activities (RoPA) and conduct Data Protection Impact Assessments (DPIAs) and periodic audits; DPIAs and audits are mandatory for Significant Data Fiduciaries.

Penalties for Non-Compliance

The Act's Schedule sets maximum penalties per category of violation:

1. Up to ₹250 crore for failure to take reasonable security safeguards to prevent a personal data breach.

2. Up to ₹200 crore for failure to notify the Board or affected individuals of a personal data breach, and up to ₹200 crore for breach of the additional obligations relating to children's data.

3. Up to ₹150 crore for breach of the additional obligations of Significant Data Fiduciaries, and up to ₹50 crore for any other violation of the Act; the Board decides the actual amount based on the nature, gravity and duration of the breach.

How GoTrust Enables DPDPA Compliance

GoTrust equips organizations with a comprehensive, modular toolkit to achieve and sustain compliance with the DPDPA. Each DPDPA requirement is paired below with how GoTrust helps:

Consent Management: Through the Universal Consent Management (UCM) module, GoTrust captures, revokes, and audits consent at scale, ensuring clear traceability.

Data Discovery & Classification: Automatically scans systems and classifies data (PII, SPI) for better visibility, essential for fulfilling storage limitation, minimization, and breach response obligations.

User Rights Fulfillment: Workflow-driven tools to handle data subject access requests (DSARs), correction, erasure, and consent withdrawal, aligned with data principal rights under the DPDPA.

Processing Records (RoPA): Maintains detailed records of processing activities, linked to business units, systems, and data types, automated and auditable.

Governance & Risk Monitoring: Provides real-time risk dashboards, DPIA tools, policy attestations, and compliance scoring to keep governance teams informed and audit ready.

Data Breach Management: Embedded incident management framework helps identify, assess, and notify breaches within mandated timeframes.

Cross-functional Collaboration: Centralized platform that supports roles across Legal, Compliance, IT, and Business teams for shared ownership and faster implementation.

Ready to get started?

Request a free demo today to see how GoTrust can guide your trust transformation journey.

GoTrust Knowledge Hub

Stay informed with insights, updates, and expert perspectives on data privacy, compliance, and digital trust.

Our mission is to simplify data management, strengthen security, and ensure compliance, all within one powerful tool.

© 2024-25 GoTrust | Made in Netherlands

info@gotrust.nl