New Delhi: In a significant step towards protecting the privacy of its citizens in the digital realm, India has enacted the Digital Personal Data Protection Act (DPDP Act), which received the President's assent on August 12, 2023.

The law aims to establish a robust framework for safeguarding personal data and addressing the growing concerns surrounding its misuse and mishandling by entities operating within and outside the country.

Union Minister for Railways, Communications, Electronics and Information Technology, Ashwini Vaishnaw announced the development, emphasizing the importance of the DPDP Act in ensuring the privacy and security of Indian citizens' personal information. The Act introduces stringent provisions and penalties to deter the misuse of digital data, with entities facing fines of up to Rs 250 crore for failing to adequately protect or misusing individuals' personal data.

The DPDP Act introduces a comprehensive set of regulations that apply to both online and offline data collection. The Act covers personal data collected within India and even extends its jurisdiction to data processing activities occurring outside India if they involve offering goods or services to Indian individuals. This territorial extension underscores the government's commitment to safeguarding its citizens' data, regardless of its origin.

Key features of the DPDP Act include the obligation for firms dealing with user data to ensure its protection, even if stored with third-party data processors. In the event of a data breach, companies are mandated to promptly notify both the Data Protection Board (DPB) and the affected users, fostering transparency and accountability.

The Act places special emphasis on the protection of children's data and the data of physically disabled individuals, who have guardians. Consent from guardians is a prerequisite for processing such data. Furthermore, companies are required to appoint a Data Protection Officer, who acts as a responsible entity for overseeing data protection measures and interacting with users regarding data-related matters.

The DPB, as established by the Act, holds significant authority in ensuring compliance. It has the power to hear appeals against its decisions and it can call individuals for testimony under oath. It also possesses the authority to inspect documents and recommend actions, such as blocking access to intermediaries that breach the Act's provisions repeatedly.

As India takes a proactive stance in the digital age to protect its citizens' personal data, the enactment of the DPDP Act marks a significant milestone. By laying down clear guidelines, enforcing stringent measures and ensuring penalties for non-compliance, India is positioning itself as a leader in digital privacy protection. This landmark legislation reflects the government's commitment to securing its citizens' personal data while fostering a responsible digital ecosystem. /BI/