Today's Brief 6/01/2024
- Smriti IASxp

- Jan 6
Updated: Jan 7
IE Analysis:
JN Analysis: https://youtu.be/lcu82IVGKRA
1. Digital Personal Data Protection Act (DPDP Act): The rules aim to safeguard individuals’ rights by ensuring the secure handling of personal data. These rules serve to implement the provisions of the Digital Personal Data Protection Act, 2023 (DPDP Act), reflecting India’s commitment to establishing a comprehensive framework for digital data protection.
Definitions:
(a) "Act" shall mean the Digital Personal Data Protection Act, 2023.
(b) "Data Fiduciary" shall have the meaning ascribed to it in Section 3 of the Act.
(c) "Data Principal" shall have the meaning ascribed to it in Section 3 of the Act.
(d) "Digital Personal Data" shall have the meaning ascribed to it in Section 3 of the Act.
(e) "Processing" shall have the meaning ascribed to it in Section 3 of the Act.
(f) "Significant Data Fiduciary" shall have the meaning ascribed to it in Section 4 of the Act.
(g) "Cross-border Transfer" shall have the meaning ascribed to it in Section 27 of the Act.
(h) "Grid" shall mean the Data Protection Grid established under Section 33 of the Act.
(i) "Consent" shall have the meaning ascribed to it in Section 4(1) of the Act.
2. Application
These Rules shall apply to all Data Fiduciaries processing Digital Personal Data within India, except as otherwise provided in these Rules or the Act.
3. Data Minimization
(1) A Data Fiduciary shall collect and process only the minimum amount of Digital Personal Data necessary for the intended purpose. (2) A Data Fiduciary shall not collect any Digital Personal Data that is irrelevant or excessive in relation to the purposes for which it is processed.
4. Purpose Limitation
(1) A Data Fiduciary shall collect and process Digital Personal Data only for specified, explicit, and legitimate purposes.
(2) A Data Fiduciary shall not process Digital Personal Data for any purpose other than those for which it was collected, unless:
(i) the Data Principal has given his or her consent; or
(ii) the processing is necessary for the establishment, exercise, or defense of legal claims; or
(iii) the processing is required by law.
5. Data Accuracy
(1) A Data Fiduciary shall ensure that the Digital Personal Data it processes is accurate and, where necessary, kept up to date. (2) A Data Fiduciary shall take reasonable steps to correct or delete inaccurate Digital Personal Data.
6. Data Security
(1) A Data Fiduciary shall implement appropriate technical and organizational measures to ensure the security of Digital Personal Data, including measures to protect against unauthorized or unlawful processing, accidental loss, destruction, or damage. (2) These measures shall be appropriate to the nature, scope, context, and purpose of processing and the risk to the rights and freedoms of Data Principals.
7. Data Retention
(1) A Data Fiduciary shall retain Digital Personal Data only for as long as is necessary for the fulfillment of the purposes for which it was collected or as otherwise required by law. (2) A Data Fiduciary shall establish and implement data retention policies and procedures.
8. Transparency
(1) A Data Fiduciary shall provide clear and concise information to Data Principals about the processing of their Digital Personal Data, including:
(i) the identity and contact details of the Data Fiduciary;
(ii) the purposes for which the Digital Personal Data is collected and processed;
(iii) the categories of Digital Personal Data collected;
(iv) the recipients or categories of recipients of the Digital Personal Data;
(v) the rights of the Data Principal under the Act and these Rules;
(vi) the methods for exercising those rights.
(2) This information shall be provided in a clear, concise, and easily understandable manner.
9. Data Breaches
(1) A Data Fiduciary shall notify the Data Protection Board and affected Data Principals without undue delay of any personal data breach that is likely to result in a high risk to the rights and freedoms of natural persons. (2) The notification shall include the nature of the breach, its likely impact, and the measures taken or proposed to be taken by the Data Fiduciary to address the breach and mitigate its adverse effects.
10. Rights of Data Principals
(1) Data Principals shall have the right to:
(i) access their Digital Personal Data;
(ii) rectify inaccurate or incomplete Digital Personal Data;
(iii) erase their Digital Personal Data;
(iv) restrict the processing of their Digital Personal Data;
(v) object to the processing of their Digital Personal Data;
(vi) data portability;
(vii) withdraw their consent at any time.
(2) A Data Fiduciary shall comply with these rights without undue delay and in accordance with the provisions of the Act and these Rules.
11. Cross-border Transfers
(1) Cross-border transfers of Digital Personal Data shall comply with the provisions of Section 27 of the Act and these Rules. (2) A Data Fiduciary shall ensure that adequate safeguards are in place to protect the rights and freedoms of Data Principals when transferring Digital Personal Data to a recipient in another country.
12. Children's Personal Data
(1) The processing of children's personal data shall be subject to stricter requirements, including: (i) obtaining verifiable parental or guardian consent; (ii) implementing appropriate measures to protect children's privacy and safety online.
13. Data Protection Officer
(1) Significant Data Fiduciaries shall appoint a Data Protection Officer ("DPO"). (2) The DPO shall be responsible for overseeing the implementation of the Act and these Rules within the organization.
14. Data Protection Board
(1) The Data Protection Board shall have the powers and functions specified in the Act. (2) The Data Protection Board shall issue guidelines and clarifications on the implementation of the Act and these Rules.
15. Enforcement
(1) The Data Protection Board shall have the power to investigate violations of the Act and these Rules and to impose penalties on Data Fiduciaries. (2) Data Principals may also file complaints with the Data Protection Board regarding violations of their rights.
16. Review and Amendments
These Rules may be reviewed and amended from time to time by the Government.
17. Coming into Force
These Rules shall come into force on [Date].
Note: This is a draft and may require further refinement and consultation with stakeholders.


