DPDP Act (Digital Personal Data Protection Act, India)
Qu'est-ce que DPDP Act (Digital Personal Data Protection Act, India) ?
DPDP Act (Digital Personal Data Protection Act, India)India's first comprehensive personal-data protection statute, enacted in August 2023 and being progressively operationalized, requiring lawful purpose for processing, consent notices, data-principal rights, breach notification, and a Data Protection Board of India.
The Digital Personal Data Protection Act, 2023 (DPDP Act) is India's comprehensive privacy law, replacing the limited protections previously available under the Information Technology Act, Section 43A. It applies to processing of digital personal data within India, and to processing outside India that targets data principals in India. Core obligations on data fiduciaries (controllers) include processing only for a lawful purpose for which the data principal has given consent or for legitimate uses listed in the Act; serving itemized consent notices in plain language and 22 scheduled Indian languages; honouring rights of access, correction, erasure, grievance redressal, and nomination; notifying both the Data Protection Board of India and affected data principals of personal-data breaches; observing additional obligations for 'Significant Data Fiduciaries' (DPO, DPIAs, independent audits); and transferring data only to jurisdictions not blacklisted by the central government. Penalties scale to ₹250 crore (~US $30 million) per instance. The DPDP Rules, the operative regulations, began phased notification through 2024–2026.
● Exemples
- 01
An Indian fintech ships consent notices in English plus the 22 scheduled languages and adds an in-app grievance redressal flow per DPDP Section 13.
- 02
A global SaaS provider serving Indian users designates an in-country grievance officer and updates its privacy notice to align with DPDP requirements.
● Questions fréquentes
Qu'est-ce que DPDP Act (Digital Personal Data Protection Act, India) ?
India's first comprehensive personal-data protection statute, enacted in August 2023 and being progressively operationalized, requiring lawful purpose for processing, consent notices, data-principal rights, breach notification, and a Data Protection Board of India. Cette notion relève de la catégorie Conformité et référentiels en cybersécurité.
Que signifie DPDP Act (Digital Personal Data Protection Act, India) ?
India's first comprehensive personal-data protection statute, enacted in August 2023 and being progressively operationalized, requiring lawful purpose for processing, consent notices, data-principal rights, breach notification, and a Data Protection Board of India.
Comment fonctionne DPDP Act (Digital Personal Data Protection Act, India) ?
The Digital Personal Data Protection Act, 2023 (DPDP Act) is India's comprehensive privacy law, replacing the limited protections previously available under the Information Technology Act, Section 43A. It applies to processing of digital personal data within India, and to processing outside India that targets data principals in India. Core obligations on data fiduciaries (controllers) include processing only for a lawful purpose for which the data principal has given consent or for legitimate uses listed in the Act; serving itemized consent notices in plain language and 22 scheduled Indian languages; honouring rights of access, correction, erasure, grievance redressal, and nomination; notifying both the Data Protection Board of India and affected data principals of personal-data breaches; observing additional obligations for 'Significant Data Fiduciaries' (DPO, DPIAs, independent audits); and transferring data only to jurisdictions not blacklisted by the central government. Penalties scale to ₹250 crore (~US $30 million) per instance. The DPDP Rules, the operative regulations, began phased notification through 2024–2026.
Comment se défendre contre DPDP Act (Digital Personal Data Protection Act, India) ?
Les défenses contre DPDP Act (Digital Personal Data Protection Act, India) combinent habituellement des contrôles techniques et des pratiques opérationnelles, comme détaillé dans la définition ci-dessus.
Quels sont les autres noms de DPDP Act (Digital Personal Data Protection Act, India) ?
Noms alternatifs courants : Digital Personal Data Protection Act 2023, India DPDP.
● Termes liés
- compliance№ 488
RGPD
Règlement général sur la protection des données de l'Union européenne, encadrant le traitement des données personnelles des personnes situées dans l'UE et l'EEE.
- compliance№ 925
PIPL (Personal Information Protection Law, China)
China's comprehensive personal-information protection statute, effective November 2021, with GDPR-like data subject rights, strict cross-border transfer requirements, and substantial penalties enforced by the Cyberspace Administration of China.
- compliance№ 685
LGPD
Loi generale bresilienne sur la protection des donnees personnelles (loi n. 13 709/2018), en vigueur depuis le 18 septembre 2020, qui regit le traitement des donnees personnelles par les entites publiques et privees.
- compliance№ 167
CCPA
California Consumer Privacy Act, loi américaine de l'État de Californie qui confère aux résidents californiens des droits sur leurs informations personnelles.
- compliance№ 312
Analyse d'impact relative à la protection des données (AIPD/DPIA)
Analyse structurée, exigée par l'article 35 du RGPD, qui identifie et atténue les risques pour les droits et libertés des personnes avant le démarrage d'un traitement à haut risque.
- privacy№ 317
Demande d'accès de la personne concernée (DSAR)
Demande formelle adressée par une personne au responsable de traitement pour savoir quelles données personnelles la concernant sont traitées et en obtenir une copie, conformément à l'article 15 du RGPD.