The Central Government of India has announced that companies, including startups, will be granted approximately a year’s time to comply with the regulations outlined in the Digital Personal Data Protection (DPDP) Act, 2023. This act establishes a legal framework to safeguard individuals’ personal data and governs its processing, emphasizing consent and privacy protection. It applies to digital personal data processing within and outside India if it involves providing goods or services to Indian data principals. Key stakeholders include data principals (owners), data fiduciaries (entities collecting data), data processors, and data protection officers. Non-compliance may lead to financial penalties, with the DPDP Act taking precedence in case of conflicts with other laws.
Facts/Terms for UPSC Prelims
- Digital Personal Data Protection (DPDP) Act, 2023: The DPDP Act is an Indian legal framework designed to protect personal data, emphasizing consent and privacy rights in the digital realm.
- Data Principal (DP): A data principal is the owner of personal data, be it an individual or entity. They grant consent for data processing, can withdraw consent, and have various rights under the DPDP Act.
- Data Fiduciary: Data fiduciaries are entities that collect, store, and share data and act as “Consent Managers.” They are responsible for ensuring data protection and facilitating consent management.
- Data Processor: Data processors handle data processing on behalf of data fiduciaries, although they may be the same entity in certain cases.
- Data Protection Officer (DPO): A DPO is an individual appointed by a data fiduciary to oversee data protection and compliance with the DPDP Act.
- Data Protection Board of India (DPBI): The DPBI is an independent adjudicatory body responsible for resolving privacy-related disputes and grievances, ensuring compliance, and imposing penalties. Its members are appointed by the central government.
- Penalty for Infringement: Non-compliance with the DPDP Act can result in financial penalties ranging from Rs. 10,000 for data principals to as high as Rs. 250 crores for data fiduciaries or processors.
- Conflict with Existing Laws: The DPDP Act supplements existing laws and takes precedence in case of any conflicts with other laws. Civil courts do not have jurisdiction over matters under this Act, and injunctions are not granted.
