DPDP Act 2023 Key Features
The Digital Personal Data Protection Act 2023 introduces several key features designed to enhance data privacy and security. These include:
Applicability
- The Bill applies to the processing of digital personal data within India where such data is: (i) collected online, or (ii) collected offline and is digitised.
- It will also apply to the processing of personal data outside India if it is for offering goods or services in India.
Consent
- Personal data may be processed only for a lawful purpose after obtaining the consent of the individual.
- For individuals below 18 years of age, consent will be provided by the parent or the legal guardian.
- A notice must be given before seeking consent. The notice should contain details about the personal data to be collected and the purpose of processing.
- Consent may be withdrawn at any point of time.
Rights of data principal
Data principal is an individual whose data is being processed. An individual will have the right
- To obtain information about processing
- To seek correction and erasure of personal data
- To nominate another person to exercise rights in the event of death or incapacity and
- Grievance redressal
Duties of Data Principals
Data Principals must not
- Register a false or frivolous complaint
- Furnish any false particulars or impersonate another person in specified cases
- Violation of duties will be punishable with a penalty of up to Rs 10,000.
Duties of Data Fiduciaries
Data fiduciaries are the entities that determine the purpose and means of processing. They must
- Make reasonable efforts to ensure the accuracy and completeness of data.
- Build reasonable security safeguards to prevent a data breach.
- Inform the Data Protection Board of India and affected persons in the event of a breach.
- Erase personal data as soon as the purpose has been met and retention is not necessary for legal purposes.
Transfer of Personal Data outside India
- The central government will notify countries where a data fiduciary may transfer personal data.
- Transfers will be subject to prescribed terms and conditions.
Exemptions
- Rights of the data principal and obligations of data fiduciaries (except data security) will not apply in specified cases. These include
- prevention and investigation of offences, and
- enforcement of legal rights or claims.
The central government may, by notification, exempt certain activities from the application of the Bill. These include
- processing by government entities in the interest of the security of the state and public order, and
- research, archiving, or statistical purposes.
Data Protection Board of India
The central government will establish the Data Protection Board of India. Main functions of the Board wll be:
- monitoring compliance and imposing penalties,
- directing data fiduciaries to take necessary measures in the event of a data breach, and
- Grievance redressal
Penalities and Appeal
The act specifies penalties for various offences such as:
- Penality of Rs 200 crore for non-fulfilment of obligations for children, and
- Penality of Rs 250 crore for failure to take security measures to prevent data breaches
The decisions of the board can be appealed to Telecom Dispute Settlement and Appellate Tribunal.
Digital Personal Data Protection Act 2023
Digital Personal Data Protection Act 2023 are formed to protect the rights and duties related to the management of large amounts of digital personal data created in the economy. It aims to maintain a balance between individual privacy rights and at the same allow data to be used for various purposes. Recently Digital Personal Data Protection Act (DPDPA), 2023 was passed that will replace the existing Information Technology Act, 2000, the Draft Indian Telecommunication Bill, 2022, and a Policy addressing the governance of non-personal data.
Table of Content
- Digital Personal Data Protection Act 2023 Overview
- What is DPDP Act 2023?
- Digital Personal Data Protection Act 2023 – A Brief History
- DPDP Act 2023 Objectives
- Purpose of Digital Personal Data Protection Act
- Why DPDP Act was Introduced?
- Visual Guide – Digital Personal Data Protection Act 2023
- Need of Data Protection
- Digital Personal Data Protection Act 2023
- DPDP Act 2023 Key Features
- Main Provisions of DPDP Act
- Digital Personal Data Protection Highlights
- Rights under DPDP Act 2023
- Individual Rights DPDP Act
- Data Protection Rights India
- DPDP Act 2023 Compliance
- How to Comply with DPDP Act
- Business Obligations under DPDP Act
- DPDP Act 2023 Penalties
- Enforcement of Digital Personal Data Protection Act
- Fines under DPDP Act
- DPDP Act vs GDPR
- Digital Personal Data Protection Act Compared to International Laws
- DPDP and Global Data Protection
- Impact of DPDP Act on Businesses
- How DPDP Act Affects Consumers
- DPDP Act 2023 Implications
- Significance of Digital Personal Data Protection Act 2023
- Preparing for DPDP Act 2023
- DPDP Act Checklist for Businesses
- Data Protection Act Readiness
- Data Privacy Law in Other Countries
- Concerns related to the Digital Personal Data Protection Act 2023