Frequently Asked Questions
Got questions? We've got answers. Find quick solutions to common queries below.
DPDPA 2023 stands for the Digital Personal Data Protection Act, enacted by the Indian government to regulate how organizations collect, process, and protect personal data.
It applies to all organizations — domestic or foreign — that handle personal data of Indian residents.
Fines can go up to ₹250 crore for serious data breaches or misuse of personal data.
While inspired by GDPR, DPDPA focuses on India's context, simplifying consent and granting government oversight for national interest.
Implementation is expected in phases, beginning late 2024 or early 2025 once the Data Protection Board is fully operational.
The seven core principles are: consent-based processing, purpose limitation, data minimization, accuracy of data, storage limitation, security safeguards, and accountability.
A Data Fiduciary is the entity that determines how and why personal data is processed, essentially the organization or business handling the data.