Digital Personal Data Protection Act 2023



Exploring the impact and requirements of the Digital Personal Data Protection Act 2023 for businesses and legal professionals.
Data Protection Timeline

Context Behind the DPDP 2023


Exploring the journey towards the enactment of the Digital Personal Data Protection Bill 2023

2017: Formation of the Committee of Experts on Data Protection
2018: Submission of the Committee's report on Data Protection
2019: Introduction of the Personal Data Protection Bill
2023: Enactment of the Digital Personal Data Protection Bill

Data Protection Terms

Key Definitions in DPDP 2023

Understanding the Fundamental Terms of Data Protection Legislation

Personal Data
Refers to any information that can identify an individual, crucial for determining data protection obligations and rights.

Processing
Encompasses all activities involving personal data, such as collection, storage, usage, and disposal, emphasizing the importance of proper data handling.

Data Principal
Denotes the person to whom the personal data belongs, highlighting the focus on individual rights and consent in data processing.

Data Fiduciary
Represents the entity responsible for determining how and why personal data is processed, underscoring accountability and transparency in data management.

Data Processing Roles Overview

Illustration of Key Actors

Understanding the Roles in Data Processing under the Digital Personal Data Protection Act 2023

X - Data Principal
X, as the Data Principal, is the web user providing personal data and necessary consent, initiating data processing.

Z - Data Fiduciary
Z, the Data Fiduciary, decides to use the data for targeted marketing, acting as the custodian of the user's data.

Y - Data Processor
Y, the Data Processor, processes the data on behalf of the company Z, ensuring compliance with data protection regulations.

Legal Framework Compliance
All actors must adhere to the Digital Personal Data Protection Act 2023 to ensure lawful and ethical data processing practices.

Data Processing Flow
X inputs data and provides consent -> Z decides to use the data -> Y processes the data for Z, ensuring data protection compliance.

Data Protection Regulations

Applicability of the DPDP 2023

Understanding the Scope and Impact of the Digital Personal Data Protection Act 2023

Processing of Digital Data in India
The DPDP 2023 governs the processing of digital data collected within India in digital or digitized form, ensuring compliance with data protection regulations.

Extraterritorial Application
The act extends to processing digital personal data outside India if it pertains to offering goods/services to Data Principals in India, emphasizing cross-border data protection.

Exemptions for Personal Data
Certain exemptions include personal data processed for personal/domestic purposes and data already in the public domain, allowing flexibility for non-commercial data usage.

Data Processing Regulations

Grounds for Processing Personal Data

Understanding the Legal Basis for Personal Data Processing

Consent as a Legal Basis
Processing personal data is permissible with individual consent, ensuring transparency and compliance with data protection regulations.

Importance of Notice
Providing notice before seeking consent is crucial to inform individuals about data collection purposes and ensure transparent processing.

Withdrawal of Consent
Individuals have the right to withdraw consent at any time, emphasizing the importance of respecting user choices and data control.

Legitimate Uses Definition
Legitimate grounds for processing personal data include government benefits/services, medical emergencies, and employment purposes.

Data Rights & Duties Overview

Rights and Duties of Data Principals

Understanding the Fundamental Rights and Duties of Data Principals under the Digital Personal Data Protection Act 2023

Obtain Information about Processing
Data principals have the right to request and obtain details about how their personal data is being processed by organizations.

Seek Correction and Erasure of Personal Data
Data principals can request corrections to inaccuracies in their personal data and ask for the deletion of specific information when necessary.

Nominate Another Person for Rights Exercise
In situations of incapacity or death, data principals can appoint another individual to act on their behalf regarding data rights and requests.

Grievance Redressal Mechanism
Data principals have the right to seek resolution for any grievances related to the processing or handling of their personal data.

Data Compliance Obligations

Obligations of Data Fiduciaries

Navigating Data Protection Regulations Under the Digital Personal Data Protection Act 2023

01. Ensure Data Accuracy and Completeness
Data fiduciaries must actively work towards verifying and maintaining accurate and complete data to uphold the integrity and reliability of stored information.

02. Implement Security Safeguards
Develop robust security measures to safeguard against potential data breaches, ensuring the protection of sensitive information from unauthorized access or cyber threats.

Data Protection Exceptions

Exemptions under DPDP 2023


Understanding Exceptions and Exemptions in Data Protection Laws

Prevention and Investigation of Offences
Data processing exemptions apply for activities related to the prevention and investigation of criminal offences, ensuring legal compliance and security.

Enforcement of Legal Rights or Claims
Certain data protection regulations do not restrict processing activities necessary for enforcing legal rights or claims, safeguarding legal proceedings and rights.

Exemptions by Central Government
The central government holds the authority to exempt specific data processing activities concerning national security, public order, research, archiving, or statistical purposes.

Security of the State and Public Order
Data protection exemptions may be granted to uphold state security and public order, allowing essential data processing for these critical purposes.

Data Protection Governance

Establishment of the Data Protection Board

Regulating Data Protection and Compliance in India

Monitoring Compliance and Penalizing Violations
The Board oversees adherence to data protection regulations and enforces penalties for non-compliance, ensuring data security.

Addressing Data Breaches and Grievances
In cases of data breaches, the Board takes prompt action by directing necessary measures and addresses grievances to safeguard individuals' data rights.

Penalty Implications

Penalties for Non-Compliance


Understanding the Consequences of Non-Compliance with the Digital Personal Data Protection Act 2023

Up to Rs 200 crore Penalty for Obligations Non-Fulfillment
Non-compliance with obligations for children may result in penalties of up to Rs 200 crore, emphasizing the seriousness of protecting children's rights and data privacy.

Up to Rs 250 crore Penalty for Data Breach Prevention Failure
Failure to implement adequate security measures to prevent data breaches can lead to penalties of up to Rs 250 crore, highlighting the importance of robust data protection practices.

Compliance Strategies

Preparing for Compliance


Essential steps for businesses to ensure compliance with the Digital Personal Data Protection Act 2023

Appoint Data Protection Officer (DPO)
Designate a DPO for Significant Data Fiduciaries to oversee data protection strategies and compliance.

Conduct Regular Audits
Regular data audits and assessments help identify vulnerabilities, ensure data accuracy, and compliance readiness.

Implement Data Security Measures
Adopt robust data security measures and breach protocols to safeguard sensitive information from unauthorized access or breaches.

Provide Employee Training
Offer training programs to enhance employees' awareness of data protection protocols, privacy policies, and compliance requirements.


Data Protection Guidelines

Best Practices for Data Protection

Essential Guidelines for Compliance with the Digital Personal Data Protection Act 2023

01. Data Minimization
Only collect data that is necessary for your operations to reduce risk exposure.

02. Transparency
Inform individuals about how their data will be collected and used to build trust.

03. Security
Adopt robust security protocols to safeguard personal data from breaches.

04. Accountability
Regularly review policies to ensure compliance and improvement in data practices.

Compliance Strategy

Case Study: Implementing DPDP 2023


A Detailed Overview of XYZ Corporation's Compliance Journey

Data Audit
Conducted a thorough audit to assess current data management practices and identify gaps.

Data Protection Officer
Appointed a dedicated Data Protection Officer to oversee compliance and data security initiatives.

Security Measures
Implemented robust data security and breach response protocols to safeguard sensitive information.

Employee Training
Provided comprehensive training programs for employees to enhance awareness of data protection.

Consent Management
Developed clear consent management policies to ensure compliance with user privacy preferences.

Conclusion and Call to Action

Initiate DPDP 2023 compliance measures now to safeguard data and prevent penalties.
