India's Digital Personal Data Protection Act (DPDP Act) establishes a regulatory framework for the processing of digital personal data, ensuring the protection of individuals’ privacy while promoting the responsible use of data in the digital economy. This law reflects India’s growing focus on data security and privacy in the face of its rapid digitalization. The DPDP Act sets out rights for individuals and imposes compliance obligations on organizations handling personal data, aiming to safeguard citizens’ privacy while supporting the country’s digital growth.
India’s Digital Personal Data Protection Act (DPDP Act) regulates the processing of digital personal data. It focuses on protecting individual privacy rights while ensuring that organizations use data responsibly and securely in the digital economy.
The DPDP Act applies to any organization, domestic or international, that processes the digital personal data of Indian residents or offers goods and services to individuals in India.
The DPDP Act covers the processing of digital personal data, including any information that can identify an individual such as names, addresses, phone numbers, and online identifiers.
The DPDP Act took effect on August 1, 2023.
- Consent-Based Processing: Data must be processed only with the clear consent of the individual.
- Lawful Use: Data must be used for legitimate and lawful purposes.
- Data Minimization: Only the necessary data for a specific purpose should be collected.
- Data Accuracy: Organizations must ensure that data is accurate and up to date.
- Right to Information: Individuals have the right to know how their data will be processed and used.
Violations of the DPDP Act can result in fines of up to ₹250 crore (approximately USD $30 million). Enforcement is overseen by the Data Protection Board of India.