The Digital Personal Data Protection Bill-2023

DPDP (Digital Personal Data Protection)
The Digital Personal Data Protection Bill-2023 applies to the processing of digital personal data in India, encompassing both online and digitized offline data. It extends its jurisdiction to data processing outside India if related to offering goods or services within the country. Personal data processing requires lawful purposes and individual consent, except for specified legitimate uses and state-related processing. Data fiduciaries must maintain accuracy, ensure security, and delete data post its intended use. The bill grants individuals rights, including information access, correction, erasure, and grievance redressal. The central government may exempt government agencies for specified reasons, and a Data Protection Board of India will be established to adjudicate non-compliance with the bill’s provisions.

DPDP Compliance Act: Journey so far 

August 2017

Hon’ble Supreme Court of India declared Right to Privacy as a fundamental right in K.S. Puttaswamy judgement

July 2018

Committee formed under the chairmanship of Justice Srikrishna submits report along with draft of PDP Act, 2018

December 2019

The PDP Act, 2019 was introduced in the Lok Sabha and referred to a Joint Parliamentary Committee (JPC)

December 2021

JPC releases its report and a new version of the Act as Data Protection Act (DPA)

November 2022

Ministry of Electronics and Information Technology (MeitY) releases draft Digital Personal Data Protection Bill (DPDPB) for public consultation

August 2017

Union Cabinet approves the draft DPDP Bill, 2023

August 2023

The President of India assents to the Bill to make Digital Personal Data Protection (DPDP) an Act

Key Highlights of the Act

It applies to the processing of digital personal data within India, whether it is collected online or offline and digitised. If goods or services are offered in India, it will also apply to such processing outside India.
An individual’s consent is required before processing personal data. Consent may not be required for certain legitimate uses, such as voluntary sharing of data by individuals, or for State permits, licenses, benefits, and services.
The fiduciaries will be responsible for maintaining the accuracy of data, maintaining its security, and deleting it once the purpose of the data has been accomplished.
In the interest of state security, public order, and crime prevention, the central government may exempt government agencies from the provisions of the Bill.
The central government will establish the Data Protection Board of India to adjudicate non-compliance with the Bill.
The exemptions provided in the Bill are as follows
The law provides exemptions from consent and notice requirements as well as most obligations of data fiduciaries and related requirements in certain cases:
1) Data processing necessary for research, archiving, or statistical purposes if the personal data is not to be used to take any decision specific to a data principal.
2) The government can exempt certain classes of data fiduciaries, including startups, from some provisions—notice, completeness, accuracy, consistency, and erasure.
3) Where personal data has to be processed by courts or tribunals, or for the prevention, detection, investigation, or prosecution of any offenses;
4) Where the personal data of non-Indian residents is being processed within India; and so on.

How Revolution Can Help?

Competitive Advantage

Assess the current Data Privacy posture, working practices and documentation against the requirements of DPDP

Data Discovery and Mapping

Identify the Personal Data touch points and conduct data discovery and mapping activities

Third-Party Risk Management

Identify the third-party ecosystem and ensure that organizational and technical security measures are implemented by including them in valid contracts

Technical Safeguards

Identify the critical business processes, assets and applications that process large volumes of Personal Data, and implement technical security measures

Training and Awareness

Socialization workshops for employees, management personnel and third parties to promote a privacy inclusive culture throughout the organization

Data Privacy Framework Development

Develop Data Privacy framework to strengthen your organization’s data privacy program

Privacy Risk Assessment

Perform a Data Protection Impact Assessment (DPIA) for the high-risk, in-scope business functions and applications to identify the potential risk exposure

Privacy Enhancing Technologies

Reduce manual tasks with integrated workflow through Privacy Enhancing Technologies and manage your data governance activities in an automated manner

Internal Audit Assistance

Independent Data Privacy audits to identify the gaps and risks on a periodic basis
