DPDP Act (Digital Personal Data Protection Act, India)
Was ist DPDP Act (Digital Personal Data Protection Act, India)?
DPDP Act (Digital Personal Data Protection Act, India)India's first comprehensive personal-data protection statute, enacted in August 2023 and being progressively operationalized, requiring lawful purpose for processing, consent notices, data-principal rights, breach notification, and a Data Protection Board of India.
The Digital Personal Data Protection Act, 2023 (DPDP Act) is India's comprehensive privacy law, replacing the limited protections previously available under the Information Technology Act, Section 43A. It applies to processing of digital personal data within India, and to processing outside India that targets data principals in India. Core obligations on data fiduciaries (controllers) include processing only for a lawful purpose for which the data principal has given consent or for legitimate uses listed in the Act; serving itemized consent notices in plain language and 22 scheduled Indian languages; honouring rights of access, correction, erasure, grievance redressal, and nomination; notifying both the Data Protection Board of India and affected data principals of personal-data breaches; observing additional obligations for 'Significant Data Fiduciaries' (DPO, DPIAs, independent audits); and transferring data only to jurisdictions not blacklisted by the central government. Penalties scale to ₹250 crore (~US $30 million) per instance. The DPDP Rules, the operative regulations, began phased notification through 2024–2026.
● Beispiele
- 01
An Indian fintech ships consent notices in English plus the 22 scheduled languages and adds an in-app grievance redressal flow per DPDP Section 13.
- 02
A global SaaS provider serving Indian users designates an in-country grievance officer and updates its privacy notice to align with DPDP requirements.
● Häufige Fragen
Was ist DPDP Act (Digital Personal Data Protection Act, India)?
India's first comprehensive personal-data protection statute, enacted in August 2023 and being progressively operationalized, requiring lawful purpose for processing, consent notices, data-principal rights, breach notification, and a Data Protection Board of India. Es gehört zur Kategorie Compliance und Frameworks der Cybersicherheit.
Was bedeutet DPDP Act (Digital Personal Data Protection Act, India)?
India's first comprehensive personal-data protection statute, enacted in August 2023 and being progressively operationalized, requiring lawful purpose for processing, consent notices, data-principal rights, breach notification, and a Data Protection Board of India.
Wie funktioniert DPDP Act (Digital Personal Data Protection Act, India)?
The Digital Personal Data Protection Act, 2023 (DPDP Act) is India's comprehensive privacy law, replacing the limited protections previously available under the Information Technology Act, Section 43A. It applies to processing of digital personal data within India, and to processing outside India that targets data principals in India. Core obligations on data fiduciaries (controllers) include processing only for a lawful purpose for which the data principal has given consent or for legitimate uses listed in the Act; serving itemized consent notices in plain language and 22 scheduled Indian languages; honouring rights of access, correction, erasure, grievance redressal, and nomination; notifying both the Data Protection Board of India and affected data principals of personal-data breaches; observing additional obligations for 'Significant Data Fiduciaries' (DPO, DPIAs, independent audits); and transferring data only to jurisdictions not blacklisted by the central government. Penalties scale to ₹250 crore (~US $30 million) per instance. The DPDP Rules, the operative regulations, began phased notification through 2024–2026.
Wie schützt man sich gegen DPDP Act (Digital Personal Data Protection Act, India)?
Schutzmaßnahmen gegen DPDP Act (Digital Personal Data Protection Act, India) kombinieren typischerweise technische Kontrollen und operative Praktiken, wie in der Definition oben beschrieben.
Welche anderen Bezeichnungen gibt es für DPDP Act (Digital Personal Data Protection Act, India)?
Übliche alternative Bezeichnungen: Digital Personal Data Protection Act 2023, India DPDP.
● Verwandte Begriffe
- compliance№ 488
DSGVO
Datenschutz-Grundverordnung der Europäischen Union, die die Verarbeitung personenbezogener Daten von Personen in der EU und im EWR regelt.
- compliance№ 925
PIPL (Personal Information Protection Law, China)
China's comprehensive personal-information protection statute, effective November 2021, with GDPR-like data subject rights, strict cross-border transfer requirements, and substantial penalties enforced by the Cyberspace Administration of China.
- compliance№ 685
LGPD
Brasilianisches Allgemeines Datenschutzgesetz (Gesetz Nr. 13.709/2018), in Kraft seit dem 18. September 2020, das die Verarbeitung personenbezogener Daten durch oeffentliche und private Stellen regelt.
- compliance№ 167
CCPA
California Consumer Privacy Act — US-Datenschutzgesetz des Bundesstaates Kalifornien, das Kalifornierinnen und Kaliforniern Rechte über ihre personenbezogenen Daten gewährt.
- compliance№ 312
Datenschutz-Folgenabschätzung (DPIA)
Strukturierte Bewertung gemäß Artikel 35 der DSGVO, die vor einer voraussichtlich risikoreichen Datenverarbeitung Risiken für Rechte und Freiheiten betroffener Personen identifiziert und mindert.
- privacy№ 317
Auskunftsersuchen der betroffenen Person (DSAR)
Förmlicher Antrag einer Person an den Verantwortlichen, zu erfahren, welche ihrer personenbezogenen Daten verarbeitet werden und eine Kopie zu erhalten, gemäß Art. 15 DSGVO und vergleichbaren Gesetzen.