🇮🇳 India
Informations
Extracts :
Extract :
There is no exclusive mention on this in the DPDP Act.
2023
Reference :
India – The Digital Personal Data Protection Act, 2023 finally arrives
Information on India data protection law | Linklaters
Link to reference Extracts :
Extract :
"The territoriality provisions are also similar to the GDPR. The DPDP Act is applicable to data which is processed within Indian territory or, if processed outside, is in connection with any activity relating to the offering of goods and services to individuals within India. However, the DPDP Act does not apply to entities outside India that monitor the behaviour of data subjects within India."
2023
Reference :
India – The Digital Personal Data Protection Act, 2023 finally arrives
Information on India data protection law | Linklaters
Link to reference Extracts :
Extract :
There is no mention of legal entities being considered as data subjects.
2023
Reference :
THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023
Official text of India DPDP Act 2023
Link to reference Extract :
India does not yet have a specific law on data protection or any dedicated regulatory authority responsi_x0002_ble for administering data protection-related matters. Nevertheless, the Information Technology Act,
2000 ('the IT Act') and the rules and regulations enacted thereunder (hereinafter collectively referred to
as 'the IT Laws'), as well as other sectoral laws (e.g. financial services, insurance, and telecom), contain
provisions which have an implication on the processing of personal data.
2022
Reference :
Data breach | DataGuidance
Information on data breach regulation - IND
Extracts :
Extract :
"The territoriality provisions are also similar to the GDPR. The DPDP Act is applicable to data which is processed within Indian territory or, if processed outside, is in connection with any activity relating to the offering of goods and services to individuals within India."
2023
Reference :
India – The Digital Personal Data Protection Act, 2023 finally arrives
Information on India data protection law | Linklaters
Link to reference Extract :
"The SPDI Rules are issued under the IT Act and, in addition to having a territorial application, applies to
offences that occur outside India, if the offences involve electronic resources in India."
2021
Reference :
India Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
"The DPDP Act is ‘principles-based legislation’ that relies on concepts that are broadly similar to those in the GDPR. It governs data fiduciaries (i.e. data controllers), data processors and data principals (i.e. data subjects)."
2023
Reference :
India – The Digital Personal Data Protection Act, 2023 finally arrives
Information on India data protection law | Linklaters
Link to reference Extract :
"Key definitions under the DPDP Act
While the majority of concepts in the DPDP Act are similar to those in the GDPR, the terminology differs. Key definitions you need to get familiar with are as follows:
Data fiduciary: It is the entity that, alone or jointly with others, determines the purpose and the means of processing personal data. (i.e., data controller)
Data Processor: Entity that processes digital personal data on behalf of a data fiduciary.
Data principal: Individuals whose personal data are collected and processed (i.e., data subject)."
2023
Reference :
India's Digital Personal Data Protection (DPDP) Act, 2023: everything you need to know
Information on India data protection law | Didomi
Link to reference Extracts :
Extract :
"The territoriality provisions are also similar to the GDPR. The DPDP Act is applicable to data which is processed within Indian territory or, if processed outside, is in connection with any activity relating to the offering of goods and services to individuals within India. However, the DPDP Act does not apply to entities outside India that monitor the behaviour of data subjects within India."
2023
Reference :
India – The Digital Personal Data Protection Act, 2023 finally arrives
Information on India data protection law | Linklaters
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
"The DPDP Act does not distinguish between personal and sensitive personal data/critical personal data. "
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
There is nothing in the official text on this.
2023
Reference :
THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023
Official text of India DPDP Act 2023
Link to reference Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
"Unlike the GDPR, penalties for breaches and non-compliance of the DPDP Act are turnover agnostic, with the maximum penalty for different specified offences ranging from INR 50 crores to 250 crores (approximately Euro 5-25m)"
2023
Reference :
India – The Digital Personal Data Protection Act, 2023 finally arrives
Information on India data protection law | Linklaters
Link to reference Extracts :
Extract :
"Unlike the GDPR, penalties for breaches and non-compliance of the DPDP Act are turnover agnostic, with the maximum penalty for different specified offences ranging from INR 50 crores to 250 crores (approximately Euro 5-25m)"
2023
Reference :
India – The Digital Personal Data Protection Act, 2023 finally arrives
Information on India data protection law | Linklaters
Link to reference Extracts :
Extract :
"Unlike the GDPR, penalties for breaches and non-compliance of the DPDP Act are turnover agnostic, with the maximum penalty for different specified offences ranging from INR 50 crores to 250 crores (approximately Euro 5-25m)"
2023
Reference :
India – The Digital Personal Data Protection Act, 2023 finally arrives
Information on India data protection law | Linklaters
Link to reference Extracts :
Extract :
"There are financial penalties up to INR 250 crore for data fiduciary and the Act does not impose criminal penalty for non-compliance."
Reference :
The Digital Personal Data Protection Act, 2023
Information on India data protection law | PwC
Link to reference Extracts :
Extract :
There is no information in the legal text.
2023
Reference :
THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023
Official text of India DPDP Act 2023
Link to reference Extracts :
Extract :
There is no information in the legal text.
2023
Reference :
THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023
Official text of India DPDP Act 2023
Link to reference Extracts :
Extract :
There is no information in the legal text.
2023
Reference :
THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023
Official text of India DPDP Act 2023
Link to reference Extracts :
Extract :
"Data principals have the right to access information, nomination, correction, completion, updating and erasure and grievance redressal."
2023
Reference :
India – The Digital Personal Data Protection Act, 2023 finally arrives
Information on India data protection law | Linklaters
Link to reference Extracts :
Extract :
"There are financial penalties up to INR 250 crore for data fiduciary and the Act does not impose criminal penalty for non-compliance."
2023
Reference :
The Digital Personal Data Protection Act, 2023
Information on India data protection law | PwC
Link to reference Extracts :
Extract :
There is no information in the legal text.
2023
Reference :
THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023
Official text of India DPDP Act 2023
Link to reference Extracts :
Extract :
A unique feature of the DPDP Act, data fiduciaries have been classified into different brackets on the basis of volume and sensitivity of the personal data (and other prescribed criteria). Organisations routinely dealing with large volumes of individual personal data will be classified as significant data fiduciaries and have additional obligations such as appointing a data protection officer and an independent data auditor, and conducting data protection impact assessments.
On the other hand, small-sized data fiduciaries, including start-ups, can be exempted by the Indian Government from certain obligations such as notice, ensuring accuracy, completeness and erasure of personal data and ensuring data principals’ right to access information."
2023
Reference :
India – The Digital Personal Data Protection Act, 2023 finally arrives
Information on India data protection law | Linklaters
Link to reference Extracts :
Extract :
There is no information in the legal text.
2023
Reference :
THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023
Official text of India DPDP Act 2023
Link to reference Extracts :
Extract :
"In addition, all personal data breaches are mandatorily reportable to the Board and, in a first in India, to affected data principals. The timeline for reporting a data breach under the DPDP Act is expected to be clarified by way of rules.
This requirement is different from the GDPR, which requires data controllers to notify risky breaches to the relevant supervisory authority and high risk breaches to data subjects. The purpose of requiring notification of all personal data breaches without any threshold is unclear – while individuals may like to be informed of the breach, notification of all personal data breaches is likely to cause information overload and unnecessary alarm. Notification of individuals can also be costly both in terms of sending out the initial notification and then dealing with questions from affected data principals."
2023
Reference :
India – The Digital Personal Data Protection Act, 2023 finally arrives
Information on India data protection law | Linklaters
Link to reference Extracts :
Extract :
"In addition, all personal data breaches are mandatorily reportable to the Board and, in a first in India, to affected data principals. The timeline for reporting a data breach under the DPDP Act is expected to be clarified by way of rules.
This requirement is different from the GDPR, which requires data controllers to notify risky breaches to the relevant supervisory authority and high risk breaches to data subjects. The purpose of requiring notification of all personal data breaches without any threshold is unclear – while individuals may like to be informed of the breach, notification of all personal data breaches is likely to cause information overload and unnecessary alarm. Notification of individuals can also be costly both in terms of sending out the initial notification and then dealing with questions from affected data principals."
2023
Reference :
India – The Digital Personal Data Protection Act, 2023 finally arrives
Information on India data protection law | Linklaters
Link to reference Extracts :
Extract :
There is no information in the legal text.
2023
Reference :
THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023
Official text of India DPDP Act 2023
Link to reference Extracts :
Extract :
"In addition, all personal data breaches are mandatorily reportable to the Board and, in a first in India, to affected data principals. The timeline for reporting a data breach under the DPDP Act is expected to be clarified by way of rules.
This requirement is different from the GDPR, which requires data controllers to notify risky breaches to the relevant supervisory authority and high risk breaches to data subjects. The purpose of requiring notification of all personal data breaches without any threshold is unclear – while individuals may like to be informed of the breach, notification of all personal data breaches is likely to cause information overload and unnecessary alarm. Notification of individuals can also be costly both in terms of sending out the initial notification and then dealing with questions from affected data principals."
2023
Reference :
India – The Digital Personal Data Protection Act, 2023 finally arrives
Information on India data protection law | Linklaters
Link to reference Extracts :
Extract :
"In addition, all personal data breaches are mandatorily reportable to the Board and, in a first in India, to affected data principals. The timeline for reporting a data breach under the DPDP Act is expected to be clarified by way of rules.
This requirement is different from the GDPR, which requires data controllers to notify risky breaches to the relevant supervisory authority and high risk breaches to data subjects. The purpose of requiring notification of all personal data breaches without any threshold is unclear – while individuals may like to be informed of the breach, notification of all personal data breaches is likely to cause information overload and unnecessary alarm. Notification of individuals can also be costly both in terms of sending out the initial notification and then dealing with questions from affected data principals."
2023
Reference :
India – The Digital Personal Data Protection Act, 2023 finally arrives
Information on India data protection law | Linklaters
Link to reference Extracts :
Extract :
"A Data Fiduciary shall protect personal data in its possession or under its control,
including in respect of any processing undertaken by it or on its behalf by a Data Processor,
by taking reasonable security safeguards to prevent personal data breach."
2023
Reference :
THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023
Official text of India DPDP Act 2023
Link to reference Extracts :
Extract :
There is no information in the legal text.
2023
Reference :
THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023
Official text of India DPDP Act 2023
Link to reference Extracts :
Extract :
"No such right has been explicitly provided under the IT Act and SPDI Rules.
Such a right has been proposed under the DP Bill in the context of data processing undertaken through automated
means. In such cases, a data principal has a right to receive certain information relating to their personal data from a data fiduciary in a structured and machine-readable format. Further, data principals may require data fiduciaries to transfer such data to another data fiduciary."
Reference :
ICLG Website
Link to reference Extracts :
Extract :
There is no information in the legal text.
2023
Reference :
THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023
Official text of India DPDP Act 2023
Link to reference Extracts :
Extract :
"Much like the GDPR, the DPDP outlines that valid consent must be freely given, specific, informed, unconditional and unambiguous. Data Principals must give consent with a clear affirmative action, and such consent shall only be valid for the specified purpose. "
2023
Reference :
India Passes Digital Personal Data Protection Bill
Information on India data protection law | Onetrust
Link to reference Extracts :
Extract :
"Parental consent must be obtained when processing data of all minors (defined as those under 18 years of age). There are additional restrictions on the usage of such data.
The age of majority is different in the GDPR, which states that consent from a child aged under 16 years to use online services is only valid if authorised by a parent (that age can be reduced to 13 in any national legislation). The special rules for children also only apply where the legal basis for processing is consent and do not necessarily foreclose reliance on other legal bases."
2023
Reference :
India – The Digital Personal Data Protection Act, 2023 finally arrives
Information on India data protection law | Linklaters
Link to reference Extracts :
Extract :
"Data principals have the right to access information, nomination, correction, completion, updating and erasure and grievance redressal. One of the major innovations under the GDPR, the right of data portability, is missing, possibly reflecting the limited take up of that right within the EU."
2023
Reference :
India – The Digital Personal Data Protection Act, 2023 finally arrives
Information on India data protection law | Linklaters
Link to reference Extracts :
Extract :
"Data principals have the right to access information, nomination, correction, completion, updating and erasure and grievance redressal. One of the major innovations under the GDPR, the right of data portability, is missing, possibly reflecting the limited take up of that right within the EU."
2023
Reference :
India – The Digital Personal Data Protection Act, 2023 finally arrives
Information on India data protection law | Linklaters
Link to reference Extracts :
Extract :
"Data principals have the right to access information, nomination, correction, completion, updating and erasure and grievance redressal. One of the major innovations under the GDPR, the right of data portability, is missing, possibly reflecting the limited take up of that right within the EU."
2023
Reference :
India – The Digital Personal Data Protection Act, 2023 finally arrives
Information on India data protection law | Linklaters
Link to reference Extracts :
Extract :
"Data Principals have the right to withdraw her consent at any time and withdrawing consent must be as easy as giving consent. Data Fiduciaries will also be required to communicate the withdrawal of consent downstream to vendors and other third parties. "
2023
Reference :
India Passes Digital Personal Data Protection Bill
Information on India data protection law | Onetrust
Link to reference Extracts :
Extract :
There is no information in the legal text.
2023
Reference :
THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023
Official text of India DPDP Act 2023
Link to reference Extracts :
Extract :
"The DPDP Act allows for cross-border transfers to all countries unless specifically restricted by the Indian Government. This provides a much simpler approach to international transfers compared to the complex matrix of adequacy, SCCs, BCRs and TIAs currently in placed under the GDPR."
2023
Reference :
India – The Digital Personal Data Protection Act, 2023 finally arrives
Information on India data protection law | Linklaters
Link to reference Extracts :
Extract :
"The DPDP Act allows for cross-border transfers to all countries unless specifically restricted by the Indian Government. This provides a much simpler approach to international transfers compared to the complex matrix of adequacy, SCCs, BCRs and TIAs currently in placed under the GDPR."
2023
Reference :
India – The Digital Personal Data Protection Act, 2023 finally arrives
Information on India data protection law | Linklaters
Link to reference Extracts :
Extract :
"The DPDP Act allows for cross-border transfers to all countries unless specifically restricted by the Indian Government. This provides a much simpler approach to international transfers compared to the complex matrix of adequacy, SCCs, BCRs and TIAs currently in placed under the GDPR."
2023
Reference :
India – The Digital Personal Data Protection Act, 2023 finally arrives
Information on India data protection law | Linklaters
Link to reference Extracts :
Extract :
"The DPDP Act allows for cross-border transfers to all countries unless specifically restricted by the Indian Government. This provides a much simpler approach to international transfers compared to the complex matrix of adequacy, SCCs, BCRs and TIAs currently in placed under the GDPR."
2023
Reference :
India – The Digital Personal Data Protection Act, 2023 finally arrives
Information on India data protection law | Linklaters
Link to reference Extracts :
Extract :
"The DPDP Act allows for cross-border transfers to all countries unless specifically restricted by the Indian Government. This provides a much simpler approach to international transfers compared to the complex matrix of adequacy, SCCs, BCRs and TIAs currently in placed under the GDPR."
2023
Reference :
India – The Digital Personal Data Protection Act, 2023 finally arrives
Information on India data protection law | Linklaters
Link to reference Extracts :
Extract :
"The DPDP Act allows for cross-border transfers to all countries unless specifically restricted by the Indian Government. This provides a much simpler approach to international transfers compared to the complex matrix of adequacy, SCCs, BCRs and TIAs currently in placed under the GDPR."
2023
Reference :
India – The Digital Personal Data Protection Act, 2023 finally arrives
Information on India data protection law | Linklaters
Link to reference Extracts :
Extract :
Data entered based on reference.
2022
Reference :
International Data transfer Agreements | DataGuidance
Comparison of international data transfer agreements
Extracts :
Extract :
Data entered based on reference.
2022
Reference :
International Data transfer Agreements | DataGuidance
Comparison of international data transfer agreements
Extracts :
Extract :
"The DPDP Act allows for cross-border transfers to all countries unless specifically restricted by the Indian Government. This provides a much simpler approach to international transfers compared to the complex matrix of adequacy, SCCs, BCRs and TIAs currently in placed under the GDPR."
2023
Reference :
India – The Digital Personal Data Protection Act, 2023 finally arrives
Information on India data protection law | Linklaters
Link to reference Extracts :
Extract :
Data entered based on reference.
2022
Reference :
International Data transfer Agreements | DataGuidance
Comparison of international data transfer agreements
Extracts :
Extract :
"The DPDP Act allows for cross-border transfers to all countries unless specifically restricted by the Indian Government. This provides a much simpler approach to international transfers compared to the complex matrix of adequacy, SCCs, BCRs and TIAs currently in placed under the GDPR."
2023
Reference :
India – The Digital Personal Data Protection Act, 2023 finally arrives
Information on India data protection law | Linklaters
Link to reference Extracts :
Extract :
"The DPDP Act allows for cross-border transfers to all countries unless specifically restricted by the Indian Government. This provides a much simpler approach to international transfers compared to the complex matrix of adequacy, SCCs, BCRs and TIAs currently in placed under the GDPR."
2023
Reference :
India – The Digital Personal Data Protection Act, 2023 finally arrives
Information on India data protection law | Linklaters
Link to reference Extracts :
Extract :
"The DPDP Act allows for cross-border transfers to all countries unless specifically restricted by the Indian Government. This provides a much simpler approach to international transfers compared to the complex matrix of adequacy, SCCs, BCRs and TIAs currently in placed under the GDPR."
2023
Reference :
India – The Digital Personal Data Protection Act, 2023 finally arrives
Information on India data protection law | Linklaters
Link to reference Extracts :
Extract :
There is no information in the legal text.
2023
Reference :
THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023
Official text of India DPDP Act 2023
Link to reference Extracts :
Extract :
"Every significant data fiduciary is required to appoint a Data Protection Officer (DPO) responsible for addressing the inquiries and concerns of data principals—those individuals whose data is collected and processed. "
2023
Reference :
India’s Digital Personal Data Protection Act, 2023: Data Privacy Compliance
Information on India data protection law | India Briefing
Link to reference Extracts :
Extract :
2023
Extracts :
Extract :
There is no information in the legal text.
2023
Reference :
THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023
Official text of India DPDP Act 2023
Link to reference Extracts :
Extract :
There is no information in the legal text.
2023
Reference :
THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023
Official text of India DPDP Act 2023
Link to reference Extracts :
Extract :
"Like most data protection laws, the DPDP requires organizations to present Data Principals with a privacy notice before every request for consent. Such privacy notices should outline:
The personal data being collected
The purposes of processing
Information relating to how the individual can exercise their rights
How individuals can make complaints to the Data Protection Board"
2023
Reference :
India Passes Digital Personal Data Protection Bill
Information on India data protection law | Onetrust
Link to reference Extracts :
Extract :
"Like most data protection laws, the DPDP requires organizations to present Data Principals with a privacy notice before every request for consent. Such privacy notices should outline:
The personal data being collected
The purposes of processing
Information relating to how the individual can exercise their rights
How individuals can make complaints to the Data Protection Board"
2023
Reference :
India Passes Digital Personal Data Protection Bill
Information on India data protection law | Onetrust
Link to reference Extracts :
Extract :
"Like most data protection laws, the DPDP requires organizations to present Data Principals with a privacy notice before every request for consent. Such privacy notices should outline:
The personal data being collected
The purposes of processing
Information relating to how the individual can exercise their rights
How individuals can make complaints to the Data Protection Board"
2023
Reference :
India Passes Digital Personal Data Protection Bill
Information on India data protection law | Onetrust
Link to reference Extracts :
Extract :
"Every request made to a Data Principal under section 6 for consent shall be
accompanied or preceded by a notice given by the Data Fiduciary to the Data Principal,
informing her,—
(i) the personal data and the purpose for which the same is proposed to be
processed;
(ii) the manner in which she may exercise her rights under sub-section (4) of
section 6 and section 13; and
(iii) the manner in which the Data Principal may make a complaint to the Board,
in such manner and as may be prescribed."
2023
Reference :
THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023
Official text of India DPDP Act 2023
Link to reference Extract :
Extracts :
Extract :
"Every request made to a Data Principal under section 6 for consent shall be
accompanied or preceded by a notice given by the Data Fiduciary to the Data Principal,
informing her,—
(i) the personal data and the purpose for which the same is proposed to be
processed;
(ii) the manner in which she may exercise her rights under sub-section (4) of
section 6 and section 13; and
(iii) the manner in which the Data Principal may make a complaint to the Board,
in such manner and as may be prescribed."
2023
Reference :
THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023
Official text of India DPDP Act 2023
Link to reference Extract :
Extracts :
Extract :
"Every request made to a Data Principal under section 6 for consent shall be
accompanied or preceded by a notice given by the Data Fiduciary to the Data Principal,
informing her,—
(i) the personal data and the purpose for which the same is proposed to be
processed;
(ii) the manner in which she may exercise her rights under sub-section (4) of
section 6 and section 13; and
(iii) the manner in which the Data Principal may make a complaint to the Board,
in such manner and as may be prescribed."
2023
Reference :
THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023
Official text of India DPDP Act 2023
Link to reference Extract :
Extracts :
Extract :
"Every request made to a Data Principal under section 6 for consent shall be
accompanied or preceded by a notice given by the Data Fiduciary to the Data Principal,
informing her,—
(i) the personal data and the purpose for which the same is proposed to be
processed;
(ii) the manner in which she may exercise her rights under sub-section (4) of
section 6 and section 13; and
(iii) the manner in which the Data Principal may make a complaint to the Board,
in such manner and as may be prescribed."
2023
Reference :
THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023
Official text of India DPDP Act 2023
Link to reference Extract :
Extracts :
Extract :
"Every request made to a Data Principal under section 6 for consent shall be
accompanied or preceded by a notice given by the Data Fiduciary to the Data Principal,
informing her,—
(i) the personal data and the purpose for which the same is proposed to be
processed;
(ii) the manner in which she may exercise her rights under sub-section (4) of
section 6 and section 13; and
(iii) the manner in which the Data Principal may make a complaint to the Board,
in such manner and as may be prescribed."
2023
Reference :
THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023
Official text of India DPDP Act 2023
Link to reference Extract :
Extracts :
Extract :
No outright data protection regulation, instead, the Constitution of India ('the Constitution') recognises a fundamental right to privacy.
Reference :
India Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
"GDPR entails obligations such as keeping records of processing activities (Article 30 GDPR) and data minimization, which are not addressed in India’s DPDP Act"
2023
Reference :
India's Digital Personal Data Protection (DPDP) Act, 2023: everything you need to know
Information on India data protection law | Didomi
Link to reference Extracts :
Extract :
"A unique feature of the DPDP Act, data fiduciaries have been classified into different brackets on the basis of volume and sensitivity of the personal data (and other prescribed criteria). Organisations routinely dealing with large volumes of individual personal data will be classified as significant data fiduciaries and have additional obligations such as appointing a data protection officer and an independent data auditor, and conducting data protection impact assessments.
On the other hand, small-sized data fiduciaries, including start-ups, can be exempted by the Indian Government from certain obligations such as notice, ensuring accuracy, completeness and erasure of personal data and ensuring data principals’ right to access information."
2023
Reference :
India – The Digital Personal Data Protection Act, 2023 finally arrives
Information on India data protection law | Linklaters
Link to reference Extracts :
Extract :
"In regard to the use of cookies and trackers, the India data protection law now mandates websites to obtain explicit consent from users before collecting or processing their personal data through cookies. Unlike the previous regulations where implied consent was often considered sufficient, the new law emphasizes the importance of clear and informed consent."
2023
Reference :
India Digital Personal Data Protection Bill: Understanding and Ensuring Compliance for Website Owners
Information on India data protection law for Cookie consent | Cookieinfo
Link to reference | Name | Short name | Classification | Jurisdiction | Year of creation |
|---|---|---|---|---|
| Ministry of Electronics and Information Technology (MEITY) | MEITY | Regulator | Govt authority/ministry | 1991 |
| Telecom Regulatory Authority of India (TRAI) | Regulator | Independant agency | 1997 | |
| Reserve Bank of India (RBI) | Regulator | Under the government authority | 1935 | |
| Competition Commission of India (CCI) | Regulator | Independant agency | 2003 | |
| Securities and Exchange Board of India (SEBI) | Regulator | Independant agency | 1988 | |
| Indian Computer Emergency Response Team (CERT-In) | Regulator | Under the government authority | 2004 |
| Legal text name | Original text name | Legislation type | Year signed | Regulation status | In effect since | Latest update initiated | Latest update areas | Latest update signed year |
|---|---|---|---|---|---|---|---|---|
| DPDP Bill | Digital Personal Data Protection Act, 2022 | General privacy/data protection law | 2023 | Signed, upcoming | Several aspects |