DPDP Act (Digital Personal Data Protection Act, India)
O que é DPDP Act (Digital Personal Data Protection Act, India)?
DPDP Act (Digital Personal Data Protection Act, India)India's first comprehensive personal-data protection statute, enacted in August 2023 and being progressively operationalized, requiring lawful purpose for processing, consent notices, data-principal rights, breach notification, and a Data Protection Board of India.
The Digital Personal Data Protection Act, 2023 (DPDP Act) is India's comprehensive privacy law, replacing the limited protections previously available under the Information Technology Act, Section 43A. It applies to processing of digital personal data within India, and to processing outside India that targets data principals in India. Core obligations on data fiduciaries (controllers) include processing only for a lawful purpose for which the data principal has given consent or for legitimate uses listed in the Act; serving itemized consent notices in plain language and 22 scheduled Indian languages; honouring rights of access, correction, erasure, grievance redressal, and nomination; notifying both the Data Protection Board of India and affected data principals of personal-data breaches; observing additional obligations for 'Significant Data Fiduciaries' (DPO, DPIAs, independent audits); and transferring data only to jurisdictions not blacklisted by the central government. Penalties scale to ₹250 crore (~US $30 million) per instance. The DPDP Rules, the operative regulations, began phased notification through 2024–2026.
● Exemplos
- 01
An Indian fintech ships consent notices in English plus the 22 scheduled languages and adds an in-app grievance redressal flow per DPDP Section 13.
- 02
A global SaaS provider serving Indian users designates an in-country grievance officer and updates its privacy notice to align with DPDP requirements.
● Perguntas frequentes
O que é DPDP Act (Digital Personal Data Protection Act, India)?
India's first comprehensive personal-data protection statute, enacted in August 2023 and being progressively operationalized, requiring lawful purpose for processing, consent notices, data-principal rights, breach notification, and a Data Protection Board of India. Pertence à categoria Conformidade e frameworks da cibersegurança.
O que significa DPDP Act (Digital Personal Data Protection Act, India)?
India's first comprehensive personal-data protection statute, enacted in August 2023 and being progressively operationalized, requiring lawful purpose for processing, consent notices, data-principal rights, breach notification, and a Data Protection Board of India.
Como funciona DPDP Act (Digital Personal Data Protection Act, India)?
The Digital Personal Data Protection Act, 2023 (DPDP Act) is India's comprehensive privacy law, replacing the limited protections previously available under the Information Technology Act, Section 43A. It applies to processing of digital personal data within India, and to processing outside India that targets data principals in India. Core obligations on data fiduciaries (controllers) include processing only for a lawful purpose for which the data principal has given consent or for legitimate uses listed in the Act; serving itemized consent notices in plain language and 22 scheduled Indian languages; honouring rights of access, correction, erasure, grievance redressal, and nomination; notifying both the Data Protection Board of India and affected data principals of personal-data breaches; observing additional obligations for 'Significant Data Fiduciaries' (DPO, DPIAs, independent audits); and transferring data only to jurisdictions not blacklisted by the central government. Penalties scale to ₹250 crore (~US $30 million) per instance. The DPDP Rules, the operative regulations, began phased notification through 2024–2026.
Como se defender contra DPDP Act (Digital Personal Data Protection Act, India)?
As defesas contra DPDP Act (Digital Personal Data Protection Act, India) costumam combinar controles técnicos e práticas operacionais, conforme detalhado na definição acima.
Quais são outros nomes para DPDP Act (Digital Personal Data Protection Act, India)?
Nomes alternativos comuns: Digital Personal Data Protection Act 2023, India DPDP.
● Termos relacionados
- compliance№ 488
RGPD
Regulamento Geral sobre a Proteção de Dados da União Europeia, que regula o tratamento de dados pessoais de pessoas na UE e no EEE.
- compliance№ 925
PIPL (Personal Information Protection Law, China)
China's comprehensive personal-information protection statute, effective November 2021, with GDPR-like data subject rights, strict cross-border transfer requirements, and substantial penalties enforced by the Cyberspace Administration of China.
- compliance№ 685
LGPD
Lei Geral de Protecao de Dados do Brasil (Lei n.o 13.709/2018), em vigor desde 18 de setembro de 2020, que regula o tratamento de dados pessoais por entidades publicas e privadas.
- compliance№ 167
CCPA
California Consumer Privacy Act, lei estadual dos EUA que concede aos residentes da Califórnia direitos sobre as suas informações pessoais detidas por empresas.
- compliance№ 312
Avaliação de Impacto sobre a Proteção de Dados (DPIA)
Avaliação estruturada, exigida pelo artigo 35 do RGPD, que identifica e mitiga riscos para os direitos e liberdades das pessoas antes do início de um tratamento de alto risco.
- privacy№ 317
Pedido de acesso do titular dos dados (DSAR)
Pedido formal de uma pessoa ao responsável pelo tratamento para saber quais dos seus dados pessoais são tratados e obter uma cópia, ao abrigo do artigo 15.º do RGPD e leis equivalentes.