DPDP RULES
Rule 1 - Short title and commencement.
Rule 2 - Definitions
Rule 3 - Notice given by Data Fiduciary to Data Principal
Rule 4 - Registration and obligations of Consent Manager
Rule 5 - Processing of personal data for provision or issue of subsidy, benefit, service, certificate, licence or permit by State and its instrumentalities
Rule 6 - Reasonable security safeguards
Rule 7 - Intimation of personal data breach
Rule 8 - Time period for specified purpose to be deemed as no longer being served
Rule 9 - Contact information of person to answer questions about processing
Rule 10 - Verifiable consent for processing of personal data of child
Rule 11 - Verifiable consent for processing of personal data of person with disability who has lawful guardian
Rule 12 - Exemptions from certain obligations applicable to processing of personal data of child
Rule 13 - Additional obligations of Significant Data Fiduciary
Rule 14 - Rights of Data Principals
Rule 15 - Transfer of personal data outside the territory of India
Rule 16 - Exemption from Act for research, archiving or statistical purposes
Rule 17 - Appointment of Chairperson and other Members
Rule 18 - Salary, allowances and other terms and conditions of service of Chairperson and other Members
Rule 19 - Procedure for meetings of Board and authentication of its orders, directions and instruments
Rule 20 - Functioning of Board as digital office
Rule 21 - Terms and conditions of appointment and service of officers and employees of Board
Rule 22 - Appeal to Appellate Tribunal
Rule 23 - Calling for information from Data Fiduciary or intermediary
FIRST SCHEDULE - Conditions for registration of Consent Manager
SECOND SCHEDULE - Standards for processing of personal data by State and its instrumentalities under clause (b) of section 7 and for processing of personal data necessary for the purposes specified in clause (b) of sub section (2) of section 17
THIRD SCHEDULE
FOURTH SCHEDULE - Classes of Data Fiduciaries in respect of whom provisions of sub-sections (1) and (3) of section 9 shall not apply
FIFTH SCHEDULE
SIXTH SCHEDULE - Terms and conditions of appointment and service of officers and employees of Board
SEVENTH SCHEDULE
SEVENTH SCHEDULE
S. no. | Purpose | Authorised person |
|---|---|---|
1. | Use, by the State or any of its instrumentalities, of personal data of a Data Principal in the interest of sovereignty and integrity of India or security of the State. | Such officer of the State or of any of its instrumentalities notified under clause (a) of sub-section (2) of section 17 of the Act, as the Central Government or the head of such instrumentality, as the case may be, may designate in this behalf. |
2. | Use, by the State or any of its instrumentalities, of personal data of a Data Principal for the following purposes, namely: (i) performance of any function under any law for the time being in force in India; or (ii) disclosure of any information for fulfilling any obligation under any law for the time being in force in India. | Person authorised under applicable law. |
3. | Carrying out assessment for notifying any Data Fiduciary or class of Data Fiduciaries as Significant Data Fiduciary. | Such officer of the Central Government, in the Ministry of Electronics and Information Technology, as the Secretary in charge of the said Ministry may designate in this behalf. |