What is the Digital personal Data Protection (DPDP) Act?
In early August 2023, the Indian Parliament passed the Digital Personal Data Protection (DPDP) Act, 2023. India’s Digital Personal Data Protection Act is a ground-breaking legislation that balances the rights of individuals to protect their personal data with the necessity of processing such data for lawful purposes. The Act imposes obligations on Data Fiduciaries, those processing data, and outlines the rights and duties of Data Principals, individuals to whom the data pertains. It also introduces financial penalties for breaches.
The 2023 act is the second version of the bill introduced in Parliament and fourth overall. In 2017, the Supreme Court of India recognized the right to privacy as a constitutionally protected right in the Puttaswamy judgement, also known as the Right to Privacy verdict. The court also noted India’s lack of a comprehensive privacy law and the limitations of the existing Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules or SPDI Rules, implemented in 2011.
Following the Right to Privacy verdict, the government of India developed draft legislation designed to protect the privacy of Indians. Earlier versions of the Personal Data Protection Act received significant scrutiny and were ultimately unsuccessful, including the Data Protection Bill 2021, which bore some similarities to the European Union’s General Data Protection Regulation (GDPR). It was withdrawn in August 2022.
In November 2022, the Ministry of Electronics and Information Technology proposed the Digital Personal Data Protection Bill 2023, and in August 2023, the President of India formally enacted the “Digital Personal Data Protection Bill” following its approval from both houses of the Indian Parliament.
Who does India’s Digital Personal Data Protection Act (DPDP Act) apply to?
The DPDP Act applies to the processing of digital personal data, which is broadly defined as data in digital form (whether collected in digital form, or in non-digital form and then digitized) about an individual, who is identifiable by such data. DPDP Act applies to organizations processing data if the following conditions are met:
Aggregated data, data used for household/domestic purposes, and publicly available personal data are outside the scope of the DPDP Act.
Fortra’s Digital Guardian can help you comply with the Digital personal Data Protection Act
Fortra's Digital Guardian can play a crucial role in helping organizations comply with India’s Digital Personal Data Protection Act, 2023 (DPDP Act). The DPDP Act focuses on the protection and processing of personal data, ensuring data privacy rights for individuals and enforcing accountability for data handlers. Digital Guardian addresses key aspects of this regulation with its comprehensive data protection and security solutions. Here's how:
Monitoring and Reporting
Digital Guardian provides continuous monitoring and detailed reporting on data access and usage, helping organizations maintain transparency and accountability for compliance audits.
Automated Policy Enforcement
The solution automates policy enforcement to ensure that personal data is handled according to established compliance standards and regulations.