The Digital Personal Data Protection Act, 2023 emerges as a historic milestone in the realm of digital rights after it was passed by the Lower House of Parliament (the Lok Sabha) and the Upper House of Parliament (the Rajya Sabha) followed by Presidential assent making it a law of the land. With privacy at its core, this landmark legislation would empower individuals, redefine business practices, and usher in a new era of responsible data handling.

The Act regulates the governance of personal data collected by organisations, and aims at protecting the individual’s privacy by empowering them with rights over the manner in which their data is processed.

We are pleased to present the overview of the Act and would be pleased to assist you in formulating your strategies and thoughts in your organisation's Personal Data Protection journey.

Key highlights:

  • Lawful basis of processing consolidated to consent and certain legitimate uses
  • Data localisation rules relaxed allowing transfers across jurisdictions unless specifically notified
  • Data processing agreements mandatory before outsourcing activities to third parties
  • Financial penalties up to INR250 crore per instance of non-compliance with the law
  • Periodic Data Protection Impact Assessments made mandatory for Significant Data Fiduciary
  • Personal data in public domain excluded from scope.