Legal Process under the Digital Personal Data Protection Act, 2023

In a time when digital interactions have become the main focus of daily life, protecting personal data has increased as a critical concern. Identifying this, India has passed the Digital Personal Data Protection Act, 2023 (DPDPA). This aims to save individuals’ personal information in the digital area.

These action charges discuss the legal action for data processing. This discusses the rights and problems of the individuals and gives support for government and other officials. This blog provides a detailed discussion of the DPDPA and will also discuss its main actions, the legal processes it has, and its implications for data principles and fund security.

Evolution of Data Protection in India

Before the DPDPA, India lacked a dedicated data protection statute. The Information Technology Act, of 2000, along with its similar rules, primarily focused on data privacy matters.

However, the unexpected growth of digital data and increasing incidents of data breaches bring the need for an important legal framework. The journey towards the DPDPA involved a lot of consultations, with the Ministry of Electronics and Information Technology (MeitY) introducing a draft bill in November 2022. The other information and recommendations were introduced in the law of the DPDPA in August 2023.

Scope and Applicability of the DPDPA

The DPDPA applies to the processing of digital personal data within India. This has

1. Data collected in digital form: Information gathered directly through digital form.​
2. Data collected offline but digitized: Information was initially collected in non-digital formats and has been converted into digital form.​

In the next, the Act was applied everywhere. This expands to data processing activities conducted outside India if they involve offering goods or services to individuals within the country.

Rights of Data Principals

The DPDPA gives the power to data principals with a lot of rights:

1. Right to Access: Individuals can access confirmation on whether their data is being processed and access such data.
2. Right to Correction and Erasure: Data principals can request correction of inaccurate data and erasure of data that is no longer necessary or where consent has been withdrawn.​
3. Right to Data Portability: Individuals can receive their data in a structured, commonly used format and transfer it to another data server.​
4. Right to Object: Data principals can object to the processing of their data, especially in cases of direct marketing.​
5. Right to Objection Readdressed: Individuals can approach data fiduciaries for grievance redressal and, if unsatisfied, escalate the matter to the Data Protection Board.

Obligations of Data Fiduciaries

Data fiduciaries bear significant responsibilities under the DPDPA:​

1. Implementation of Security Safeguards: They must employ appropriate technical and organizational measures to prevent data breaches.​
2. Data Breach Notification: In the event of a personal data breach, fiduciaries are required to inform both the affected data principals and the Data Protection Board promptly.​
3. Data Protection Impact Assessments: Significant Data Fiduciaries are mandated to conduct assessments evaluating the impact of proposed data processing operations on the protection of personal data.​
4. Appointment of Data Protection Officer (DPO): SDFs must designate a DPO to oversee compliance and act as a point of contact for data principals.
5. Grievance Redressal Mechanism: Establishing an effective system to address data principals’ grievances is compulsory.

Why Choose Us?

Any operation performed on personal data, including collection, recording, organization, structuring, storage, adaptation, retrieval, use, disclosure, dissemination, or destruction. A data fiduciary is designated based on factors like the volume and sensitivity of personal data processed, requiring adherence to additional obligations. 

We are the best lawyers in Delhi and we have an experienced team to handle these cases. Our team can handle the legal work easily. So please feel free to contact us.