DPDP Act (Digital Personal Data Protection Act, India)
¿Qué es DPDP Act (Digital Personal Data Protection Act, India)?
DPDP Act (Digital Personal Data Protection Act, India)India's first comprehensive personal-data protection statute, enacted in August 2023 and being progressively operationalized, requiring lawful purpose for processing, consent notices, data-principal rights, breach notification, and a Data Protection Board of India.
The Digital Personal Data Protection Act, 2023 (DPDP Act) is India's comprehensive privacy law, replacing the limited protections previously available under the Information Technology Act, Section 43A. It applies to processing of digital personal data within India, and to processing outside India that targets data principals in India. Core obligations on data fiduciaries (controllers) include processing only for a lawful purpose for which the data principal has given consent or for legitimate uses listed in the Act; serving itemized consent notices in plain language and 22 scheduled Indian languages; honouring rights of access, correction, erasure, grievance redressal, and nomination; notifying both the Data Protection Board of India and affected data principals of personal-data breaches; observing additional obligations for 'Significant Data Fiduciaries' (DPO, DPIAs, independent audits); and transferring data only to jurisdictions not blacklisted by the central government. Penalties scale to ₹250 crore (~US $30 million) per instance. The DPDP Rules, the operative regulations, began phased notification through 2024–2026.
● Ejemplos
- 01
An Indian fintech ships consent notices in English plus the 22 scheduled languages and adds an in-app grievance redressal flow per DPDP Section 13.
- 02
A global SaaS provider serving Indian users designates an in-country grievance officer and updates its privacy notice to align with DPDP requirements.
● Preguntas frecuentes
¿Qué es DPDP Act (Digital Personal Data Protection Act, India)?
India's first comprehensive personal-data protection statute, enacted in August 2023 and being progressively operationalized, requiring lawful purpose for processing, consent notices, data-principal rights, breach notification, and a Data Protection Board of India. Pertenece a la categoría de Cumplimiento y marcos en ciberseguridad.
¿Qué significa DPDP Act (Digital Personal Data Protection Act, India)?
India's first comprehensive personal-data protection statute, enacted in August 2023 and being progressively operationalized, requiring lawful purpose for processing, consent notices, data-principal rights, breach notification, and a Data Protection Board of India.
¿Cómo funciona DPDP Act (Digital Personal Data Protection Act, India)?
The Digital Personal Data Protection Act, 2023 (DPDP Act) is India's comprehensive privacy law, replacing the limited protections previously available under the Information Technology Act, Section 43A. It applies to processing of digital personal data within India, and to processing outside India that targets data principals in India. Core obligations on data fiduciaries (controllers) include processing only for a lawful purpose for which the data principal has given consent or for legitimate uses listed in the Act; serving itemized consent notices in plain language and 22 scheduled Indian languages; honouring rights of access, correction, erasure, grievance redressal, and nomination; notifying both the Data Protection Board of India and affected data principals of personal-data breaches; observing additional obligations for 'Significant Data Fiduciaries' (DPO, DPIAs, independent audits); and transferring data only to jurisdictions not blacklisted by the central government. Penalties scale to ₹250 crore (~US $30 million) per instance. The DPDP Rules, the operative regulations, began phased notification through 2024–2026.
¿Cómo defenderse de DPDP Act (Digital Personal Data Protection Act, India)?
Las defensas contra DPDP Act (Digital Personal Data Protection Act, India) combinan habitualmente controles técnicos y prácticas operativas, como se detalla en la definición.
¿Cuáles son otros nombres para DPDP Act (Digital Personal Data Protection Act, India)?
Nombres alternativos comunes: Digital Personal Data Protection Act 2023, India DPDP.
● Términos relacionados
- compliance№ 488
RGPD
Reglamento General de Protección de Datos de la Unión Europea que regula el tratamiento de datos personales de personas en la UE y el EEE.
- compliance№ 925
PIPL (Personal Information Protection Law, China)
China's comprehensive personal-information protection statute, effective November 2021, with GDPR-like data subject rights, strict cross-border transfer requirements, and substantial penalties enforced by the Cyberspace Administration of China.
- compliance№ 685
LGPD
Ley General de Proteccion de Datos de Brasil (Ley n.o 13.709/2018), en vigor desde el 18 de septiembre de 2020, que regula el tratamiento de datos personales por entidades publicas y privadas.
- compliance№ 167
CCPA
Ley de Privacidad del Consumidor de California, ley estatal de EE. UU. que otorga derechos a los residentes de California sobre su información personal.
- compliance№ 312
Evaluación de Impacto relativa a la Protección de Datos (DPIA)
Evaluación estructurada, exigida por el artículo 35 del RGPD, que identifica y mitiga los riesgos para los derechos y libertades de las personas antes de iniciar un tratamiento de alto riesgo.
- privacy№ 317
Solicitud de acceso del interesado (DSAR)
Petición formal de una persona al responsable para conocer qué datos personales suyos se tratan y obtener una copia, conforme al artículo 15 del RGPD y leyes similares.