The Digital Personal Data Protection Act 2023 is an Act of the Parliament of India. This Act provides for the processing of digital personal data in a manner that recognizes both the rights of the individuals to protect their personal data and the need to process such personal data for lawful purposes and matters connected in addition to or incidental to it.

Personal data refers to any information that relates to an identified or identifiable living individual. In recent years, most individuals have chosen to store their personal data digitally, and this Act aims to protect their data and right to privacy.

The Bill protects digital personal data by providing:

  • Obligations of Data Fiduciaries (DFs; persons, companies, and government entities who process data) for data processing (collection, storage, or any other operation on personal data)
  • Rights and duties of Data Principals (DPs; the person to whom the data relates) financial penalties for breach of rights, responsibilities, and obligations. 
  • Moreover, it seeks to introduce data protection law with minimum disruption while ensuring necessary change in how DFs process data, enhance the Ease of Living and the Ease of Doing Business, and enable India’s digital economy and innovation ecosystem.

Rights of DPs include:

  • Access to information about personal data processed
  • Correction and erasure of data
  • Grievance redressal, and
  • Nominating a person to exercise rights in case of death or incapacity. 

To enforce their rights, an affected DP may approach the DF in the first instance or take it up with the Data Protection Board.

Obligations of DFs include:

  • Having security safeguards in place to prevent a breach.
  • Informing the affected DP and the Board in case of a breach.
  • Erasing personal data when it is no longer needed or upon withdrawal of consent.
  • Having a grievance redressal system to respond to queries from DPs.
  • Fulfilling additional obligations such as appointing a data auditor and conducting periodic assessments to ensure higher data protection.

There are many such Indian laws and regulations that businesses should be aware of and follow. In such cases, Corporate Leaps can help you stay up to date. We ensure your business stays compliant with Indian laws, and you can establish your company without any worries.