What is the News ?

The Central Government has announced that companies and entities may have approximately one year to comply with the regulations outlined in the Digital Personal Data Protection (DPDP) Act, 2023. Smaller organizations or startups might be granted even more time for compliance.

Facts About:

The DPDP Act is a legal framework in India designed to protect individuals' personal data and ensure it's only shared with their consent. It governs the processing of digital personal data to safeguard privacy in the digital age.

Applicability:

• It applies to digital personal data processed within India, regardless of its origin (online or offline).
• It also applies to data processing outside India if it involves offering goods or services to Indian data subjects.

Evolution:

• It originates from the recommendations of the Justice BN Srikrishna-led Expert Committee, leading to the introduction of the Personal Data Protection Act in 2019.
• After consultations and revisions, the Digital Personal Data Protection Act, 2023, was enacted by both houses of Parliament.

Key Stakeholders:

• Data Principal (DP): The data owner who must give consent for data generation and processing.
• Data Fiduciary: The entity collecting, storing, and sharing data, acting as a "Consent Manager."
• Data Processor: The entity processing data on behalf of a data fiduciary.
• Data Protection Officer (DPO): An individual appointed by a data fiduciary to oversee data protection compliance.

Individuals have rights such as the right to information, correction, erasure, grievance redressal, and the right to nominate someone to exercise these rights in case of incapacity or death.