Introduction
Data has become the centre of innovation and business. For any successful business to thrive, data is necessary. The latest technologies, from Artificial Intelligence to the Metaverse, all require data to function efficiently. With the abundance of data available online and the countless data extracted from individuals, the question of the importance of Privacy has been raised time and again around the world. The European Union attempted to answer this problem of Data Privacy through the General Data Protection Regulation (GDPR) and several other countries have adopted various legislations in pursuance of Data Privacy. But what about Data Privacy in India?
The Digital Personal Data Protection Bill was passed by the Lok Sabha on August 7 and in Rajya Sabha on August 9. Subsequently, President Draupadi Murmu gave her assent to the Digital Personal Data Protection Bill on August 11, 2023. This gave India specific legislation that addresses the protection of a citizen’s data. Now that the law has been enacted, the government will initiate the rule-making process for the DPDP Law. This Act has the power to drastically impact businesses and organizations in India and outside. The Act consists of heavy compliance requirements for businesses and failure to comply with the Act can result in fines up to Rs. 250 Crores. In this blog, we shall examine the applicability of the Act and break down the complexities of the compliance requirements under the DPDPA for businesses.
Applicability of the DPDPA
Before diving into the complexities of the new DPDPA, it is essential to determine the applicability of the Act and whether your business can be affected by the new Act. This Act shall apply to the processing of Personal Data in the territory of India. The term ‘Personal Data’ is defined under the Act as any data about an individual who is identifiable by or about such data.
Similar to the previous draft version of the bill, the DPDPA shall apply to the processing of Personal Data in the territory of India. However, it is important to highlight that the Personal Data has to be either collected in a Digital Form or must be subsequently digitized if collected in a non-digital form. Hence, the Act shall apply to Personal Data in the Digital form only.
Read Original Article Here > Compliance Requirements under the DPDP Act, 2023
Comments 0