Implement necessary technical and organisational measures for data protection
Implement necessary technical and organisational measures for data protection
What is the Digital Personal Data Protection Bill? The Digital Personal Data Protection (DPDP) bill or law is a comprehensive framework aimed at safeguarding the privacy and security of the personal information of Indian citizens while promoting the growth of the digital economy. Any business based in India or operating from a foreign location - that processes the personal data of Indian citizens to offer them goods or services – will come under the purview of this law, which will govern how they collect, process, store, and share their customers’ personal information. The new law will give individuals greater control over their data and establish strict regulations for data protection.
DPDP compliance measures:
To comply with the Act, organisations are required to take the following steps:
The need of the hour is to have a robust data protection culture in the country. The introduction of the Digital Personal Data Protection Bill in India reflects the growing need for comprehensive data protection laws in the country. This legislation aims to address digital personal data protection compliance by establishing clear guidelines and safeguards for how individuals' information is handled in the digital age. As India continues to advance technologically, the importance of this bill cannot be overstated, as it seeks to strike a balance between the convenience of digital services and the imperative to protect the privacy and security of citizens' personal data.
The DPDP law regulates the governance of personal data collected by organisations (online or offline and later digitised) and aims at protecting the individual’s privacy.
The key to allowing a piece of legislation to last long enough to be effective is to ensure that it is established on sound principles that can be enforced through astute regulation. The DPDP Bill has been drafted keeping in mind certain underlying principles such as lawful and fair data processing, data minimisation, and accuracy of personal data, among others. Some of the key steps that businesses need to take to comply with the Digital Personal Data. Protection Law are:
TÜV SÜD is widely recognised as a globally trusted service provider, offering comprehensive data protection compliance and data privacy management services. Our expertise in cybersecurity and data protection compliance are unmatched, making us a trusted choice for businesses seeking to navigate the complex landscape of data privacy regulations.
At TÜV SÜD, our constant endeavour has been to identify our customers' business needs and help them quickly address them. Our highly skilled workforce foresaw the challenges the Digital Personal Data Protection Law might bring. We have a team of certified privacy professionals with vast experience in data protection assignments like EU-GDPR, Singapore PDPA and CCPA etc. We can help you in your data protection journey, privacy framework, impact assessment and flexible resource models.
With our Digital Personal Data Protection Act (DPDPA) service, TÜV SÜD assists organisations in ensuring that they adhere to stringent data protection laws and regulations, safeguarding both their reputation and their customers' sensitive information.
Our robust and intuitive data privacy management service helps businesses and government entities discover, categorise, and identify sensitive information scattered throughout their resources. Our DPDPA service also helps manage requests from data subjects to ensure total compliance with data privacy regulations like the Digital Personal Data Protection law and avoid hefty penalties.
Highlights of TÜV SÜD’S Data Privacy Management Service:
The 2023 Digital Personal Data Protection Act (DPDP Act) defines personal data as 'any information concerning an individual who can be identified directly or indirectly through this data.” This includes all types of personal identification information such as name, contact number, home address, email ID, Aadhaar, PAN, Voter ID, etc
The DPDP Act is relevant for managing digital personal data in India, irrespective of whether it was gathered online or in a non-digital form and later digitised. Additionally, the Personal Data Protection Act also covers data processing conducted beyond India, if it includes providing goods or services within the country.
Personal data can be possessed if it serves a legitimate purpose and is acquired with the consent of the data subject. Amongst other legal basis for possessing personal data, the primary basis is that of consent. In many data protection regulations, individuals can provide consent for the processing and possession of their personal data. This consent must be informed, specific, and freely given by the data subject. Organisations can only possess data for the purposes explicitly authorised by the individual. The Digital Personal Data Protection Act 2023 (DPDP Act) is an example of legislation that outlines consent as a legal basis for data processing.
Yes, the Digital Personal Data Protection Act (DPDP Act) permits the transfer of personal data outside of India. While the DPDP Act allows for the transfer of personal data from India to foreign destinations, it does so with restrictions. These conditions include obtaining explicit consent from the data principal and ensuring that the receiving country provides an adequate level of data protection. According to the digital personal data protection bill, data transfer would be permissible to all countries until any of them are blacklisted by the government.
In accordance with the 2023 Digital Personal Data Protection (DPDP) Act of India, the title of 'Significant Data Fiduciary (SDF)' is established. This act empowers the government to designate any data fiduciary or a specific group of data fiduciaries as Significant Data Fiduciaries based on various factors. These factors include the scale and sensitivity of personal data processing, the potential threat to the rights of data subjects, the impact on India's sovereignty and integrity, the risk to electoral democracy, as well as national security and public order concerns.
What is Data Governance and why is it important in India?
Learn More
Site Selector
Global
Americas
Asia
Europe
Middle East and Africa