The Ministry of Electronics and Information Technology (MeitY) invited public feedback on the draft Digital Personal Data Protection (DPDP) Rules 2025 for implementing the Digital Personal Data Protection Act 2023.
Stakeholder inputs are currently under review, and the final rules are expected to be enforced soon.
About the Digital Personal Data Protection (DPDP) Act 2023:
The Digital Personal Data Protection Act, 2023 (DPDP Act) is an Indian law that governs the processing of digital personal data within India, and also applies to processing outside India if it involves offering goods or services within India. The Act recognizes the right of individuals to protect their personal data while acknowledging the need to process such data for lawful purposes. It was passed by both houses of Parliament in August 2023 and received presidential assent on August 11, 2023.
Key Features of the DPDP Act:
- The DPDP Act applies to the processing of digital personal data within India, whether the data is collected online or offline and then digitized. It also has extraterritorial application, covering data processing outside India if it relates to offering goods or services to individuals in India.
- Personal data can only be processed for a lawful purpose with the consent of the individual. A notice must be provided before seeking consent, detailing the data to be collected and the purpose of processing. Consent can be withdrawn at any time. However, consent is not required for “legitimate uses” such as when data is voluntarily provided by the individual, for the provision of government benefits or services, in medical emergencies, or for employment purposes.
- Individuals whose data is processed (data principals) have the right to:
  - Obtain information about the processing of their data.
  - Seek correction and erasure of their personal data.
  - Nominate another person to exercise their rights in the event of death or incapacity.
  - Seek grievance redressal.
- Entities determining the purpose and means of processing data (data fiduciaries) must:
  - Make reasonable efforts to ensure the accuracy and completeness of data.
  - Build reasonable security safeguards to prevent data breaches.
  - Inform the Data Protection Board of India and affected individuals in the event of a data breach.
  - Erase personal data once its purpose has been met and retention is no longer necessary for legal purposes.
- The Act establishes the Data Protection Board of India to monitor compliance, impose penalties, direct data fiduciaries to take necessary measures in the event of a data breach, and hear grievances from affected persons.
- The Act specifies penalties for various offenses, such as non-fulfilment of obligations related to children’s data (up to ₹200 crore) and failure to take security measures to prevent data breaches (up to ₹250 crore).
Key Differences from GDPR:
- The DPDP Act applies only to digital personal data, while the GDPR covers all forms of personal data.
- Unlike the GDPR, the DPDP Act does not distinguish between personal and sensitive personal data.
- The DPDP Act does not include “contractual necessity or legitimate interests” as legal bases for data processing.
- The DPDP Act does not explicitly provide for the right to data portability or the right to be forgotten, which are present in the GDPR.
Criticism: The Act’s non-applicability to offline personal data has been criticized …
DPDP Rules 2025
Draft rules for 2025 have been proposed under the Digital Personal Data Protection (DPDP) Act of 2023 to give effect to the original Act. These rules aim to safeguard citizens’ rights regarding the protection of their personal data.
- The draft rules include provisions for individuals to request information on the data collected about them. Data principals can access, correct, and erase their data, and they have mechanisms to withdraw consent and handle complaints.
- Data fiduciaries will need to ensure privacy and security through defined retention timelines, compliance audits, and transparent processes. They are also mandated to implement measures such as encryption, report breaches within 72 hours, and ensure robust identity verification, especially for children and people with disabilities. Significant data fiduciaries will face additional responsibilities, such as conducting Data Protection Impact Assessments (DPIAs) and complying with algorithmic fairness and cross-border data transfer protocols.
- The 2025 rules aim to clarify some ambiguities in the original act. However, some challenges remain for stakeholders, such as undefined thresholds for exemptions for startups and the retrospective applicability of consent obligations.
- There are discussions around a phased implementation, especially concerning verifiable consent and consent managers. Suggestions have been made to provide organizations with flexibility in employing context-specific security safeguards and to require notification of personal data breaches only when they are likely to result in significant harm to individuals.