DPDP Act (Digital Personal Data Protection Act, India)
Что такое DPDP Act (Digital Personal Data Protection Act, India)?
DPDP Act (Digital Personal Data Protection Act, India)India's first comprehensive personal-data protection statute, enacted in August 2023 and being progressively operationalized, requiring lawful purpose for processing, consent notices, data-principal rights, breach notification, and a Data Protection Board of India.
The Digital Personal Data Protection Act, 2023 (DPDP Act) is India's comprehensive privacy law, replacing the limited protections previously available under the Information Technology Act, Section 43A. It applies to processing of digital personal data within India, and to processing outside India that targets data principals in India. Core obligations on data fiduciaries (controllers) include processing only for a lawful purpose for which the data principal has given consent or for legitimate uses listed in the Act; serving itemized consent notices in plain language and 22 scheduled Indian languages; honouring rights of access, correction, erasure, grievance redressal, and nomination; notifying both the Data Protection Board of India and affected data principals of personal-data breaches; observing additional obligations for 'Significant Data Fiduciaries' (DPO, DPIAs, independent audits); and transferring data only to jurisdictions not blacklisted by the central government. Penalties scale to ₹250 crore (~US $30 million) per instance. The DPDP Rules, the operative regulations, began phased notification through 2024–2026.
● Примеры
- 01
An Indian fintech ships consent notices in English plus the 22 scheduled languages and adds an in-app grievance redressal flow per DPDP Section 13.
- 02
A global SaaS provider serving Indian users designates an in-country grievance officer and updates its privacy notice to align with DPDP requirements.
● Частые вопросы
Что такое DPDP Act (Digital Personal Data Protection Act, India)?
India's first comprehensive personal-data protection statute, enacted in August 2023 and being progressively operationalized, requiring lawful purpose for processing, consent notices, data-principal rights, breach notification, and a Data Protection Board of India. Относится к категории Соответствие и стандарты в кибербезопасности.
Что означает DPDP Act (Digital Personal Data Protection Act, India)?
India's first comprehensive personal-data protection statute, enacted in August 2023 and being progressively operationalized, requiring lawful purpose for processing, consent notices, data-principal rights, breach notification, and a Data Protection Board of India.
Как работает DPDP Act (Digital Personal Data Protection Act, India)?
The Digital Personal Data Protection Act, 2023 (DPDP Act) is India's comprehensive privacy law, replacing the limited protections previously available under the Information Technology Act, Section 43A. It applies to processing of digital personal data within India, and to processing outside India that targets data principals in India. Core obligations on data fiduciaries (controllers) include processing only for a lawful purpose for which the data principal has given consent or for legitimate uses listed in the Act; serving itemized consent notices in plain language and 22 scheduled Indian languages; honouring rights of access, correction, erasure, grievance redressal, and nomination; notifying both the Data Protection Board of India and affected data principals of personal-data breaches; observing additional obligations for 'Significant Data Fiduciaries' (DPO, DPIAs, independent audits); and transferring data only to jurisdictions not blacklisted by the central government. Penalties scale to ₹250 crore (~US $30 million) per instance. The DPDP Rules, the operative regulations, began phased notification through 2024–2026.
Как защититься от DPDP Act (Digital Personal Data Protection Act, India)?
Защита от DPDP Act (Digital Personal Data Protection Act, India) обычно сочетает технические меры и операционные практики, как описано в определении выше.
Какие есть другие названия DPDP Act (Digital Personal Data Protection Act, India)?
Распространённые альтернативные названия: Digital Personal Data Protection Act 2023, India DPDP.
● Связанные термины
- compliance№ 488
GDPR
Общий регламент по защите данных Европейского союза, регулирующий обработку персональных данных лиц, находящихся в ЕС и ЕЭЗ.
- compliance№ 925
PIPL (Personal Information Protection Law, China)
China's comprehensive personal-information protection statute, effective November 2021, with GDPR-like data subject rights, strict cross-border transfer requirements, and substantial penalties enforced by the Cyberspace Administration of China.
- compliance№ 685
LGPD
Общий закон Бразилии о защите персональных данных (Закон № 13.709/2018), действующий с 18 сентября 2020 года и регулирующий обработку персональных данных государственными и частными организациями.
- compliance№ 167
CCPA
Закон о защите частной жизни потребителей Калифорнии — закон штата США, наделяющий жителей Калифорнии правами в отношении их персональных данных, хранимых бизнесом.
- compliance№ 312
Оценка воздействия на защиту данных (DPIA)
Структурированная оценка, требуемая статьёй 35 GDPR, которая выявляет и снижает риски для прав и свобод людей до начала обработки персональных данных с высоким риском.
- privacy№ 317
Запрос субъекта данных на доступ (DSAR)
Официальный запрос человека контролёру данных с целью узнать, какие из его персональных данных обрабатываются, и получить их копию, как это гарантировано статьёй 15 GDPR.