The Digital Personal Data Protection Act, 2023 is an Act that provides for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes and for matters connected therewith or incidental thereto.
Personal data is information that relates to an identified or identifiable individual. Businesses as well as government entities process personal data for delivery of goods and services. Processing of personal data allows understanding the preferences of individuals, which may be useful for customisation and targeted advertising. Unchecked processing may have adverse implications for the privacy of individuals. It may subject individuals to harm such as financial loss, loss of reputation, and profiling.
The Act applies to the processing of digital personal data within India where such data is collected online, or collected offline and is digitised. It will also apply to such processing outside India, if it is for offering goods or services in India.
Data fiduciaries will be obligated to maintain the accuracy of data, keep data secure, and delete data once its purpose has been met.
The Act grants certain rights to individuals, including the right to obtain information and to seek correction and grievance redressal.
AN EXAMPLE RELATED TO DATA PROTECTION:
Imagine the situation: we have recently signed up for an online service, providing it with our personal details, including our email, phone number, and other required details.
A few months later, we start receiving emails and phone calls.
This is a situation that many individuals have faced due to companies mishandling or failing to protect their customers’ personal data. With the DPDP Act in place, companies that collect personal data are now held responsible for ensuring that such scenarios do not occur.
Data Protection Board of India
The central government has established the Data Protection Board of India. The key purposes of the DPBI are as follows:
(i) Monitoring compliance and imposing penalties where obligations are not properly complied with.
(ii) Directing data fiduciaries to take necessary steps in the event of a data breach.
(iii) Hearing grievances made by affected persons.
Board members have been appointed for two years and will be eligible for re-appointment.
Rights of Individuals Under the DPDP Act
The DPDP Act grants individuals various rights, making sure they have control over their personal data. These rights include:
Right to Access:
Individuals can request access to their personal data held by any organization. This ensures transparency in how data is being used and processed.
Right to Correction and Elimination:
If the data held about us is incorrect, we have the right to have it corrected. Similarly, we can request deletion of data that is no longer necessary or relevant.
Right to Data Movability:
Individuals can request their data to be transferred from one organization to another in a commonly used format.
Right to Withdraw Consent:
If we’ve given an organization consent to process our data, we have the right to withdraw that consent at any time.
Role of the Data Protection Officer (DPO)
To ensure compliance, companies that handle a large volume of personal data must appoint a Data Protection Officer (DPO).
The DPO is responsible for overseeing data protection strategies and ensuring that the company complies with the regulations set out in the DPDP Act.
The DPO serves as a bridge between the company and the Data Protection Board of India.
Penalties for Non-Compliance
Non-compliance with the DPDP Act can result in heavy penalties.
For instance, failing to protect personal data properly or not reporting a data breach can lead to penalties ranging from ₹5 crore to ₹250 crore, depending on the violation, such as:
(a) Breach in observing the obligation of Data Fiduciary to take reasonable security steps to prevent a personal data breach
(b) Breach in observing the obligation to give the affected Data Principal notice of a personal data breach
(c) Breach in observing the obligations in relation to children
(d) Breach of any other provision of this Act or the rules made thereunder
In the end, the DPDP Act is a game-changer in the world of data privacy. It not only gives individuals the power to protect their personal data but also makes businesses responsible for holding the data in a proper manner and accountable in case of a breach.
As more of our lives move online, having laws that protect our personal information is essential for building trust in the digital economy.
For businesses, compliance with the DPDP Act is not only a legal requirement—it’s a pathway to building customer trust and maintaining a positive brand reputation.
By investing in strong data protection practices, businesses can avoid heavy penalties and develop a sense of security and confidence among their customers, which will lead to business growth.
Ultimately, the DPDP Act benefits both individuals and businesses, creating a safer digital environment for all.