In a historic move, both the Houses of the Parliament – Lok Sabha and Rajya Sabha have passed the Digital Personal Data Protection (DPDP) Act on 7th and 9th of August 2023 respectively
Union Minister for Communications, Electronics, and Information Technology, Ashwini Vaishnaw, introduced the DPDPA in both the Houses of Parliament.

The DPDP Act 2023, or the Digital Personal Data Protection Act, is a legislative initiative aimed at safeguarding individuals’ personal data in the digital age. The bill aims to empower individuals with greater control over their data and enhance data privacy rights.

The DPDP Act applies to both public and private organizations that handle personal data, which includes a wide range of entities such as Private companies, Government agencies, Non-profit organizations, Educational institutions, Healthcare providers, Financial institutions, Data Processors etc. DPDPA applies to any organization that deals with personal data, regardless of its size or industry.

DPDPA 2023 impacts individual’s control over their personal data in several ways like Consent mechanism, Access and Rectification Rights, Data Probability, Purpose Limitation, Data Security Measures, Data Protection officers, Children’s data protection. DPDPA 2023 empowers individuals with greater control over personal data, which promotes accountability and transparency. 

The key principles outlined in DPDPA 2023 for data handling include obtaining explicit consent, limiting data to specific purposes, ensuring data accuracy, implementing robust security measures, and promoting transparency and accountability in data practices.

The DPDPA 2023 will address data breaches and unauthorized access incidents by requiring organizations to implement robust data security measures to prevent unauthorized access. In case of a breach, Penalties and fines for non-compliance will also be imposed. 

No, the DPDP Act 2023 aims to strike a balance between data-driven innovation and privacy protection. It encourages responsible data handling practices and fosters a supportive environment for technological advancements while safeguarding individuals’ privacy rights.

Yes, individuals have the right to request access to their personal data held by organizations under the DPDP Act 2023. They can inquire about the data being processed, the purposes, and the entities involved in data handling.

The DPDPA 2023 handles sensitive data by implementing special protection measures Organizations collecting sensitive data must obtain explicit consent, enhance security protocols, and specify conditions for its processing and transfer to prevent its misuse and protect individuals’ privacy rights.

The DPDP Act 2023 proposes that international data transfers must ensure an adequate level of data protection in the recipient country. In the absence of adequate protection, standard contractual clauses or approved mechanisms should be used to safeguard data during cross-border data flow.