What is the Digital Personal Data Protection (DPDP) Act, 2023?
Historical Background
Key Points
1. Applicability: Applies to the processing of digital personal data within India and to processing outside India if it involves offering goods or services to Data Principals in India.
2. Data Fiduciary & Data Principal: Defines the Data Fiduciary (the entity determining the purpose and means of processing personal data) and the Data Principal (the individual to whom the data relates).
3. Consent: Mandates explicit, free, specific, informed, and unambiguous consent from the Data Principal for processing personal data, with an option to withdraw consent.
4. Legitimate Uses: Allows processing of personal data without consent in certain 'legitimate uses', e.g., for employment, public interest, medical emergencies, or state functions, which need detailed rules.
5. Rights of Data Principal: Includes rights to access information, correction, erasure, grievance redressal, and nomination.
6. Duties of Data Fiduciary: Requires Data Fiduciaries to make reasonable efforts to ensure accuracy and completeness of data, implement security safeguards, and notify the Data Protection Board of India and affected Data Principals in case of a data breach.
7. Data Protection Board of India (DPBI): Establishes an independent body to adjudicate disputes, impose penalties, and ensure compliance with the Act.
8. Significant Data Fiduciaries: Identifies certain Data Fiduciaries based on volume and sensitivity of data, requiring them to undertake additional obligations like Data Protection Impact Assessments and appointing a Data Protection Officer.
9. Penalties: Imposes substantial penalties for non-compliance, ranging up to ₹250 crore for major breaches.
10. Cross-border Data Transfer: Allows transfer of personal data to specified countries and territories, subject to notification by the Central Government.
Visual Insights
DPDP Act, 2023: Key Pillars & Interconnections
This mind map illustrates the core components and relationships within the Digital Personal Data Protection Act, 2023, crucial for understanding its framework and implications.
DPDP Act, 2023
- Core Objectives
- Key Definitions
- Consent & Legitimate Uses
- Rights & Duties
- Enforcement & Penalties
DPDP Act 2023: Key Figures and Impact
This dashboard highlights critical statistics and figures associated with the DPDP Act 2023, providing a quantitative perspective on its scope and enforcement.
- Maximum Penalty for Major Breach: ₹250 Crore. This substantial penalty aims to deter non-compliance and ensure Data Fiduciaries take data protection seriously, especially for Significant Data Fiduciaries.
- Data Principals Protected: ~1.4 Billion. The Act protects the digital personal data of every individual in India, making it one of the world's largest data protection frameworks by population covered.
- Enactment Year: 2023. The Act received Presidential assent in August 2023, marking a significant legislative milestone after years of debate and development.
- Sectors Impacted (Initial Focus): Healthcare, Finance, Telecom. These sectors handle highly sensitive personal data, making them critical areas for robust implementation of the DPDP Act's provisions.
Recent Developments
- The Act was passed by both houses of Parliament and received presidential assent in August 2023.
- The Central Government is currently in the process of formulating detailed rules and regulations to operationalize various provisions of the Act.
- Industry consultations are ongoing to ensure smooth implementation and address specific sectoral concerns, including for the healthcare sector.
- The establishment of the Data Protection Board of India is a critical next step for enforcement.
