India’s Digital Personal Data Protection Act, 2023 (DPDPA) was implemented to provide regulations and guidelines for processing personal data in the digital sphere. For any global business operating in or with India, it’s important to be familiar with the Act to understand its influence on data processing in India.

Differences from EU’s Regulations

While an effort has been made to align with the European Union’s General Data Protection Regulation (GDPR), DPDPA is tailored to the Indian context. Under DPDPA, the sole responsibility for the processed data lies with the data fiduciaries (entities processing the data) and not with the data principals (entities to whom the data relates).

In India, if a global business is collecting data online (or collecting it offline but processing it online), it is considered a data fiduciary and must follow DPDPA regulations. Unlike GDPR, DPDPA does not distinguish between personal and sensitive personal data. All personally identifiable data is regulated in the same way across the board. However, all data that has been made publicly available, whether through the data principal or under applicable laws, is not protected under DPDPA.

Safeguard Your DPDPA Compliance

For a global business, these are the steps that need to be taken to ensure compliance with the Act: 

  1. Understanding the provisions and requirements of the Act and preparing a comprehensive inventory using data discovery techniques. 
  2. Implementing a consent management mechanism followed by establishing and maintaining technical and organizational security measures.
  3. Conducting regular internal audits to evaluate compliance with the Act and preparing protocols for responding to data principal rights requests.
  4. Maintaining proper contracts with data processors and monitoring any changes in data protection laws.

These responsibilities must be undertaken seriously and properly to avoid non-compliance and subsequent penalties from the government. If you have a global business operating in India, Corporate Leaps can help you comply with data privacy regulations like DPDPA. We can also provide consultancy on other laws you must know and comply with to operate your business successfully.