The Digital Personal Data Protection Act 2023 (DPDP Act) received Presidential assent on 11 August 2023, making India one of the few countries with a comprehensive data protection law. This landmark legislation replaces the fragmented data protection provisions under the IT Act 2000 and establishes a dedicated framework for the processing of digital personal data.

Key Provisions

1. Data Fiduciaries and Data Processors
The Act introduces the concept of "Data Fiduciary" — any person who determines the purpose and means of processing personal data. Significant Data Fiduciaries (SDFs) face additional obligations including appointment of a Data Protection Officer, conducting Data Protection Impact Assessments and periodic audits.

2. Rights of Data Principals
Indian citizens (Data Principals) now have the following rights:
- Right to access information about personal data being processed
- Right to correction and erasure of personal data
- Right to grievance redressal
- Right to nominate a representative in case of death or incapacity

3. Consent Framework
Processing of personal data requires free, specific, informed, unconditional and unambiguous consent. The Act mandates that consent requests be presented in clear, plain language and in multiple languages.

4. Cross-Border Data Transfers
The Act permits the transfer of personal data outside India, except to countries that the Central Government restricts by notification. This is a significant departure from the earlier draft, which proposed data localisation requirements.

5. Penalties
The Data Protection Board of India can impose penalties of up to ₹250 crore for breach of obligations related to children's data and up to ₹200 crore for failure to implement security safeguards.

Implications for Businesses

Every organisation that processes personal data of Indian residents must:
- Review and update privacy policies
- Implement consent management mechanisms
- Appoint a Data Protection Officer (if classified as SDF)
- Establish grievance redressal mechanisms
- Conduct data audits

The DPDP Act represents a significant compliance burden but also an opportunity for organisations to build trust with their customers through transparent data practices.

At Nyaya Siddhanta, our Legal Auditing & Compliance team specialises in DPDP Act compliance assessments and implementation support. Contact us for a comprehensive compliance review.