SlideShare a Scribd company logo

DIGITAL-PERSONAL-DATA-PROTECTION-ACT-2023-WHITEPAPER.pdf

D
DaviesParker

Digital Personal Data Protection Act

Business
1 of 17
Download to read offline
© 2023 Tsaaro. All rights reserved. DIGITAL PERSONAL DATA DIGITAL PERSONAL DATA PROTECTION ACT, 2023 PROTECTION ACT, 2023 PROVISIONS, CONTROLS & TOOLS
www.tsaaro.com Page 2 Provisions Analysis Introduction Conclusion Executive Summary 01 02 03 04 Table of Content Applicability i Grounds for Processing Digital Personal Data ii Consent and Notice Requirements iii Additional Obligations of Significant Data Fiduciary iv Protection of Personal Data of Children v Rights of Data Principals vi Transfer of Personal Data vii Data Protection Board of India viii ix General Obligations of Data Fiduciary
www.tsaaro.com Page 3 This paper is an in-depth analysis of the newly introduced Digital Personal Data Protection Act, 2023. The Act is a simple and lean piece of law representing India’s position on data protection principles vis-à-vis the roles and responsibilities of individuals & businesses. It highlights the key provisions of the Act that the organizations will have to look into before they embark on their privacy compliance journey. Introduction Nine key provision sets have been identified and explained clearly without diluting their legal consequences. The report provides for a comparison with Act's global contemporaries. Further, the paper also provides a compliance roadmap in order to fulfill the mandate of the provisions that have also been laid down. The paper is a point-in-time review and the observations and recommendations are made based on the framework of the 2023 Act. Executive Summary The information presented in this document is provided as-is and shall not be construed as legal advice. The assessment is a “point in time” analysis dependent on the 2023 Act. Due to any changes made to the Act, the findings at a later stage may not be the same as those reflected in this report. This is not a legal advice & should only be used for reference purposes. Disclaimer
www.tsaaro.com Page 4 Provisions Analysis i Applicability an individual for personal or domestic purposes, personal data that has been made public by a data principal or under a legal obligation, or personal data that is necessary for research, archiving, or statistical purposes and data is not used for data principal-specific decisions and the processing complies with government-prescribed standards. The 2023 Act applies to processing of “Digital” personal data i.e., the data is collected in digital form, or collected in non-digital form and digitized subsequently within the Indian territory. The 2023 Act also applies to processing of personal data outside India in cases, where there is an offering of goods and services to Data Principals within the territory of India. This provision exempts processing of personal data when: Section 3: The Draft Bill of 2022 had previously proposed the applicability of the Bill to processing of digital personal data as well as where profiling and offering of goods and services were targeted at India. The Joint Parliamentary Committee had previously proposed a change in applicability of the data protection legislation to personal & non-personal data, under the Data Protection Act, 2021. But this Act only extends the applicability to personal data in a digitized format. Comparison to its Previous Iterations What are the sources of data collection? Is processing done within the Indian territory or outside but the goods/services are targeted at the Indian population? Is there any process set in place to digitize data collected offline? Before organizations begin their compliance journey and strategize their policies and procedures, they must strictly look into the applicability of the Act on their format of processing. Questions to consider can be: Compliance Road-Map
www.tsaaro.com Page 5 Applicability Matrix Not Applicable Whether your organization processes personal data of individuals? If personal data is collected from Data Principals in digital form OR If personal data collected in non-digital form, is digitized subsequently. If the processing is in connection with any activity related to offering of goods or services to data principals within the territory of India. Whether your organization processes personal data within the territory of India? Whether your organization processes personal data outside the territory of India? i
www.tsaaro.com Page 6 Grounds for Processing Digital Personal Data Processing shall be considered to be legitimate if it aligns with the provisions of the 2023 Act, or where the Data Principal has given her consent, and is for a lawful purpose. Lawful purpose has been defined as any purpose that is not prohibited by law. ii Section 4: The Draft Bill of 2022 provided processing of digital personal data for lawful purposes including when in circumstances when deemed consent is provided by an individual. European Union: GDPR lays down grounds for processing under Article 6. These are: legitimate interest, consent, vital interest, contractual necessity, public interest and legal obligation Comparison to Other Laws Is the purpose of processing legitimate or is the purpose in violation of any law in force? Whether the grounds for processing personal data is proportional to the rights vested with the data principals? Lawful basis or legal grounds for processing digital personal data acts as a shield for organizations against regulatory and financial penalties. Additionally, choosing a legitimate purpose for processing aids the business to limit its processing within the contours of the law and attracts consumer trust and builds goodwill. In order to assess the legal ground to rely on, organizations should keep in mind the following: Compliance Road-Map FINANCIAL PENALTY: Upto 50 crores
www.tsaaro.com Page 7 Consent and Notice Requirements The 2023 Act emphasizes on a person’s right to know what personal information a Data Fiduciary is collecting and the reason behind such collection. The Act provides that valid consent needs to be free, specific, informed, unconditional and unambiguous and involves a clear affirmative action which should signify agreement to the processing of the individual's personal data for such specified purpose. Consent should not be irrevocable and permanent, and the Data Principal may withdraw consent at any time. The Act stipulates that consent of data principles may be managed by a Consent Manager. The Notice-related requirements under Section 5 of the 2023 Act focus on three things: it has to be written in clear words, it has to be in simple language and be available in the languages listed on the Eighth Schedule of the Constitution of India. This notice must also prescribe the Data Principal on the manner of filing a complaint to the Data Protection Board. iii Section 5 and Section 6: FINANCIAL PENALTY: Upto 50 crores GDPR, under Article 7, discusses consent and its essentials. Consent has to be freely given, unambiguous, in clear and plain language. There must also be an option to withdraw consent. Comparison to Other Laws When should Data Principals be notified of processing their personal data? Whether the notice contains the required information in clear and plain language? Is there a process for the withdrawal of consent being provided? Consent management is a hallmark of the Act and therefore solutions and tools can help automate consent management. In order to assess the legal ground to rely on, organizations should keep in mind the following: Compliance Road-Map
www.tsaaro.com Page 8 General Obligations of Data Fiduciary Data Fiduciary means any person who alone or in conjunction with other persons determines the purpose and means of processing of personal data. There are obligations laid down on such data fiduciaries for processing of personal data accurately and in line with legitimate uses (Section 7), deletion and retention of personal data, breach notification, grievance management, processor management and implementation of technical and organizational safeguards to efficiently protect personal data. iv Section 8: Under the GDPR, data controllers are the organizations with a horizon of responsibilities and obligations. Data controllers are the organizations that define the purpose and means of data processing, just like under the Indian Act. Comparison to Other Laws Has the organization defined appropriate time-periods for data retention and deletion? Are there efficient mechanisms in place to ensure grievances and personal data breach management? Are there technical and organizational measures established to ensure adherence to the provisions of the Act? Are there reasonable security measures in place to secure personal data from breach incidents? For a well-rounded compliance framework, Data Fiduciaries have to identify the privacy risks in the organization and accordingly undertake Data Discovery and Data Mapping, and draft appropriate Data Processing Agreements with Processors, Retention Schedules, etc. Compliance Road-Map FINANCIAL PENALTY: Upto 250 crores
www.tsaaro.com Page 9 Additional Obligations of Significant Data Fiduciary Central Government may notify any Data Fiduciary or class of Data Fiduciaries as Significant Data Fiduciary. This category has additional obligations like appointment of a Data Protection Officer (DPO), Independent Data Auditor, and conduct Periodic Data Protection Impact Assessments (DPIA). Such class of data fiduciaries shall be notified by the government on the basis of a list of criteria provided in the Act. v Section 10: This provision has been maintained from the previous Draft Bill of 2022. Does your organization have well-trained professionals to undertake the role of a Data Protection Officer? Additionally, have you appointed an Independent Data Auditor? Has your organization documented procedures and processes to conduct data audits and periodic assessments of business functions? Does your organization have systematic processes in place for consent and privacy rights management? Does your organization have privacy-sensitive employees and conduct effective trainings and up-skilling exercises? For a well-rounded compliance framework to shield the organizations, certain steps will be required to be taken appointment of relevant persons, conducting training and awareness programs for the employees, consent management, documentation of data subject request forms and processes, Data Inventory, Periodic DPIAs and Audits, etc. Compliance Road-Map FINANCIAL PENALTY: Upto 150 crores
www.tsaaro.com Page 10 Protection of Personal Data of Children The data fiduciaries are entrusted with the obligation to obtain verifiable consent from the lawful guardians prior to the processing of personal data of a child or a person with a disability. They are prohibited from undertaking the processing of personal data that is likely cause any detrimental effect on the well-being, tracking or behavioral monitoring, or targeted advertising directed at the data principals mentioned in Section 9. vi Section 9 European Union: GDPR allows member state to define the age limit for an individual to be considered a child, provided that such an age is not below 13 years. Prior to the processing of the personal data of children, authorized parental consent is required. California: CPRA provides for explicit consent from children between the age of 13 - 16, and from parents/ lawful guardians for children below the age of 13. The protection of children's data is also aligned with Children’s Online Privacy Protection Act (COPPA) which stipulates verifiable parental consent. Comparison to Other Laws FINANCIAL PENALTY: Upto 200 crores Does the organization process personal data belonging to children? Has the organization incorporated appropriate measures to ensure that the verifiable consent of the lawful guardians is recorded prior to the processing of personal data of children? It is recommended that the organizations ensure compliance with the provisions laid down in the 2023 Act in the following manner: Compliance Road-Map
Right to Access Information about Personal Data The data principal is vested with the right to obtain from the data fiduciaries to whom consent has been provided; a summary of their personal data being processed & the processing activities; identities of all the data fiduciaries with whom their personal data was shared by identifying the categories of personal data so shared; and, any other information related to personal data, which may be prescribed. Right of Grievance Redressal The data principal is vested with the right to a ‘readily available’ means of registering a grievance with the data fiduciary or consent manager in respect of any act or omission of such Data Fiduciary or Consent Manager regarding the performance of its obligation. The data fiduciary shall be required to respond to such grievances within the period as may be prescribed by the Central Government by way of rules or notification. www.tsaaro.com Page 11 Rights of Data Principals vii Right to Correction & Erasure of Personal Data The data principal would have the right to correction, completion, updating and erasure of their personal data for which they had previously given consent to be processed. The data fiduciary is obligated to correct the data principal’s inaccurate or misleading personal data; to complete their incomplete personal data; to update their personal data; to erase their personal data in cases where the data principal withdraws their consent, or when the data is no longer necessary for the purpose for which it was processed unless retention is mandated for a legal purpose. Right to Nominate The data principal has the right to nominate any other individual, who in the event of death / incapacity (“incapacity” meaning inability to exercise the rights of the Data Principal unsoundness of mind or infirmity of body) of the data principal, could exercise the rights guaranteed under the Act. 1. 2. 3. 4.
www.tsaaro.com Page 12 Rights of Data Principals vii The rights identified under GDPR, the Draft Bill, 2022, & the 2023 Act have been enumerated hereunder. Comparison to Other Laws Sl. No. Data Subject Rights under European Union GDPR Data Principal Rights under DPDPB, 2022 Data Principal Rights under DPDBA, 2023 1 Right of Access by the data subject Right to Information about Personal Data Right to Access Information about personal data 2 Right to Rectification Right to Correction Right to Correction 3 Right to Erasure ('to be forgotten') Right to Erasure Right to Erasure 4 Right to Restriction of Processing N/A N/A 5 Right to Data Portability N/A N/A 6 Right to Object Right of Grievance Redressal Right of Grievance Redressal 7 N/A Right to Nominate Right to Nominate Has the Organization informed the data principals of the rights vested with them under the Act, through the privacy policy? Has the Organization implemented the appropriate data subject requests tool? It is recommended for organizations to ensure compliance with the legal grounds in the following manner: Compliance Road-Map
www.tsaaro.com Page 13 Transfer of Personal Data The Bill stipulates a general rule against transfer of personal data to any country outside the territory of India as notified by the Central Government and such transfers are subject to satisfaction of at least one of the conditions prescribed under Section 17 of the Act. viii Section 16 GDPR lays down certain safeguards to protect the personal data that is being transferred to third countries / international organizations, which are primarily inclusive of - Binding Corporate Rules, Standard Contractual Clauses and Adequacy Decisions. Comparison to Other Laws Has the organization that transfers personal data beyond the territory of India ensured that a Transfer Impact Assessment is conducted to assess and analyze whether the third parties/vendors have appropriate measures incorporated to protect the personal data? Has the Organization implemented measures to ensure that the Data Processing Agreements are in place, in case of any such transfer of personal data beyond India? It is recommended to the Organizations comply with the provisions and legal grounds laid down in the 2023 Act in the following manner: Compliance Road-Map FINANCIAL PENALTY: Upto 50 crores
www.tsaaro.com Page 14 Data Protection Board of India Chapter V (Section 18- 26) and Chapter VI (Section 27 and 28) The Act proposes the establishment of the Data Protection Board of India. The Board has been identified as an independent body, functioning as a digital office by adopting the techno-legal measures as may be prescribed. The Board is responsible for investigating data breaches, addressing complaints from Data Principals, and imposing penalties on Data Fiduciaries, Consent Managers, and intermediaries as per the Act. ix GDPR mandates every Member State to establish an independent supervisory authority in order to monitor the application of the regulatory requirements, to protect the rights & freedoms of the data subjects whose personal data is processed and, to facilitate the free flow of the personal data within the Union. Comparison to Other Laws Investigation and inquiry into personal data breaches, as well as imposing urgent remedial and mitigating measures for breach containment. Take cognizance of violations of the Act on the receipt of a complaint filed by a data principal against a data fiduciary and/or consent manager, and to impose penalties. Take cognizance and initiate inquiries on the violations by an intermediary, as per references made by the Central Government. Take appropriate action against any consent manager on being intimated of any breach of registration condition, and impose penalties. Impose penalties against the appropriate party as per Schedule of the Act. Functions of the Data Protection Board
www.tsaaro.com Page 15 Conclusion The Digital Personal Data Protection Act 2023 is a lean and simple piece of law that focuses on "digitized" personal data. This whitepaper serves as a compliance guide for the organizations that want to develop a roadmap in anticipation of the Indian Act on Data Protection. Tsaaro can help you on this journey of compliance with our holistic data protection services. Privacy Risk Management Privacy Audit DPO as a Service Consent Management Product Privacy Assessment Cookie Compliance Privacy Program Development Privacy Training Think Privacy, Think Tsaaro
www.tsaaro.com Page 16 About Tsaaro At Tsaaro, we empower businesses to manage their compliance with data privacy and cybersecurity regulations. Our Mission is to assist businesses in achieving this because we are fervently committed to safeguarding the individuals who are the sources of the data. We have been at the forefront of ensuring that companies instill the best data protection and cybersecurity safeguards at their organisation and helped them save up to $100,000 which they would have paid in fine to Regulatory Authorities. Our strength lies in assessing security and privacy risks, monitoring threats, and safeguarding applications against compliance issues. Our Services Data Privacy Services Privacy Implementation Program System Integrators Information Security Services & Industry Standard Compliance Data Governance Staff Augmentation Services 150+ 100+ 22+ 60+ Total Projects Completed Regulations/Standards Covered Clients across 7 Geographies Privacy & Security Experts Vodafone EXL Flipkart Vistara Airlines Titan DarwinBox
Tsaaro Amsterdam Office Regus Schiphol Rijk Beech Avenue 54-62, Het Poortgebouw, Amsterdam, 1119 PW, Netherlands P: +31- 639875167 Akarsh Singh (CEO & Founder, Tsaaro) Akarsh is a CIPP/E, CIPM, CIPT, Fellow in Information Privacy by IAPP, and an IAPP Advisory Board Member. His expertise lies in Data Privacy and Information Security Compliance. WHY TSAARO? CONTACT US Email us info@tsaaro.com Tsaaro Bangalore Office Manyata Embassy Business Park, Ground Floor, E1 Block, Beech Building, Outer RingRoad, Bangalore- 560045 India P: +91 77609-23421 Tsaaro provides Privacy & Cybersecurity services to help organizations meet regulatory requirements while maintaining a robust security infrastructure. Our industry-standard privacy services include DPO-as-a-service, DPIA, Privacy Program Development, Privacy Risk Management, Cookie Compliance Program, Consent Management, to name a few, delivered by our expert privacy professionals recognized by IAPP. Tsaaro Gurugram Office Level 1, Building 10A, Cyber Hub, DLF Cyber City, Gurugram, Haryana 122002 India +91 77609-23421 Krithi Shetty Senior Data Protection Consultant, Tsaaro Shilpa Margaret Kurian Data Protection Consultant, Tsaaro Sonakshi Singh Data Protection Consultant, Tsaaro Vaishali Venkatesh Gangaraddi Data Protection Consultant, Tsaaro

Recommended

DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdfPriyanka Aash
 
Data protection in_india
Data protection in_indiaData protection in_india
Data protection in_indiaAltacit Global
 
Information Technology Amendment Act 2008
Information Technology Amendment Act 2008Information Technology Amendment Act 2008
Information Technology Amendment Act 2008Nanda Mohan Shenoy
 
I.T ACT 2000
I.T ACT 2000 I.T ACT 2000
I.T ACT 2000 RAJ ANAND
 
Main presentation aml cft
Main presentation aml cftMain presentation aml cft
Main presentation aml cftAsad Hameed
 
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000Karnika Seth
 
UAPA- Unlawful Activities Prevention Act
UAPA- Unlawful Activities Prevention Act UAPA- Unlawful Activities Prevention Act
UAPA- Unlawful Activities Prevention Act DeepikaHY
 
Appreciation of Electronic Evidence-PDF
Appreciation of Electronic Evidence-PDFAppreciation of Electronic Evidence-PDF
Appreciation of Electronic Evidence-PDFTalwant Singh
 

Recommended

DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdfPriyanka Aash
 
Data protection in_india
Data protection in_indiaData protection in_india
Data protection in_indiaAltacit Global
 
Information Technology Amendment Act 2008
Information Technology Amendment Act 2008Information Technology Amendment Act 2008
Information Technology Amendment Act 2008Nanda Mohan Shenoy
 
I.T ACT 2000
I.T ACT 2000 I.T ACT 2000
I.T ACT 2000 RAJ ANAND
 
Main presentation aml cft
Main presentation aml cftMain presentation aml cft
Main presentation aml cftAsad Hameed
 
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000Karnika Seth
 
UAPA- Unlawful Activities Prevention Act
UAPA- Unlawful Activities Prevention Act UAPA- Unlawful Activities Prevention Act
UAPA- Unlawful Activities Prevention Act DeepikaHY
 
Appreciation of Electronic Evidence-PDF
Appreciation of Electronic Evidence-PDFAppreciation of Electronic Evidence-PDF
Appreciation of Electronic Evidence-PDFTalwant Singh
 
cyber law IT Act 2000
cyber law IT Act 2000cyber law IT Act 2000
cyber law IT Act 2000Yash Jain
 
Electronic evidence
Electronic evidenceElectronic evidence
Electronic evidenceRonak Karanpuria
 
ACTIONABLE CLAIM
ACTIONABLE CLAIMACTIONABLE CLAIM
ACTIONABLE CLAIMproperty Advocates
 
Information Technology Act 2000
Information Technology Act 2000Information Technology Act 2000
Information Technology Act 2000Tirthankar Sutradhar
 
Three big questions about AI in financial services
Three big questions about AI in financial servicesThree big questions about AI in financial services
Three big questions about AI in financial servicesWhite & Case
 
An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill Komal Gadia
 
The contribution of information commission to ensure right in Bangladesh
The contribution of information commission to ensure right in BangladeshThe contribution of information commission to ensure right in Bangladesh
The contribution of information commission to ensure right in BangladeshLutfur Rahman
 
The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013Myron Duncan Burton Betshanger
 
Blockchain startup
Blockchain startupBlockchain startup
Blockchain startupSota Watanabe
 
Customer Due Diligence Part 1 slides.pptx
Customer Due Diligence Part 1 slides.pptxCustomer Due Diligence Part 1 slides.pptx
Customer Due Diligence Part 1 slides.pptxSiniTizhe
 
IT Act 2000
IT Act 2000IT Act 2000
IT Act 2000Pradeep Tomar
 
Legal Ethics 2nd lecture
Legal Ethics 2nd lectureLegal Ethics 2nd lecture
Legal Ethics 2nd lectureKeshav Choudhary
 
Blockchain: Future Legal Issues
Blockchain: Future Legal IssuesBlockchain: Future Legal Issues
Blockchain: Future Legal IssuesMark Radcliffe
 
Aml basics
Aml basicsAml basics
Aml basicsDavid F Amakobe
 
Presentation on GDPR
Presentation on GDPRPresentation on GDPR
Presentation on GDPRDipanjanDey12
 
Data Protection in India
Data Protection in IndiaData Protection in India
Data Protection in IndiaHome
 
Prevention of money laundering act, 2002 part i
Prevention of money laundering act, 2002 part iPrevention of money laundering act, 2002 part i
Prevention of money laundering act, 2002 part iDVSResearchFoundatio
 
Public Interest Litigation: A Critical Review
Public Interest Litigation: A Critical ReviewPublic Interest Litigation: A Critical Review
Public Interest Litigation: A Critical Reviewijtsrd
 
Data Protection Predictions for 2023.pdf
Data Protection Predictions for 2023.pdfData Protection Predictions for 2023.pdf
Data Protection Predictions for 2023.pdfDarylBallesteros3
 
Fair Trial
Fair TrialFair Trial
Fair TrialAvinash Rai
 
Personal data protection bill
Personal data protection bill Personal data protection bill
Personal data protection bill Mathew Chacko
 
India's Data Protection Law 2018- Future Road Ahead
India's Data Protection Law 2018- Future Road AheadIndia's Data Protection Law 2018- Future Road Ahead
India's Data Protection Law 2018- Future Road AheadEquiCorp Associates
 

More Related Content

What's hot

cyber law IT Act 2000
cyber law IT Act 2000cyber law IT Act 2000
cyber law IT Act 2000Yash Jain
 
Three big questions about AI in financial services
Three big questions about AI in financial servicesThree big questions about AI in financial services
Three big questions about AI in financial servicesWhite & Case
 
An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill Komal Gadia
 
The contribution of information commission to ensure right in Bangladesh
The contribution of information commission to ensure right in BangladeshThe contribution of information commission to ensure right in Bangladesh
The contribution of information commission to ensure right in BangladeshLutfur Rahman
 
Customer Due Diligence Part 1 slides.pptx
Customer Due Diligence Part 1 slides.pptxCustomer Due Diligence Part 1 slides.pptx
Customer Due Diligence Part 1 slides.pptxSiniTizhe
 
Blockchain: Future Legal Issues
Blockchain: Future Legal IssuesBlockchain: Future Legal Issues
Blockchain: Future Legal IssuesMark Radcliffe
 
Presentation on GDPR
Presentation on GDPRPresentation on GDPR
Presentation on GDPRDipanjanDey12
 
Data Protection in India
Data Protection in IndiaData Protection in India
Data Protection in IndiaHome
 
Prevention of money laundering act, 2002 part i
Prevention of money laundering act, 2002 part iPrevention of money laundering act, 2002 part i
Prevention of money laundering act, 2002 part iDVSResearchFoundatio
 
Public Interest Litigation: A Critical Review
Public Interest Litigation: A Critical ReviewPublic Interest Litigation: A Critical Review
Public Interest Litigation: A Critical Reviewijtsrd
 
Data Protection Predictions for 2023.pdf
Data Protection Predictions for 2023.pdfData Protection Predictions for 2023.pdf
Data Protection Predictions for 2023.pdfDarylBallesteros3
 

What's hot (20)

cyber law IT Act 2000
cyber law IT Act 2000cyber law IT Act 2000
cyber law IT Act 2000
 
Electronic evidence
Electronic evidenceElectronic evidence
Electronic evidence
 
ACTIONABLE CLAIM
ACTIONABLE CLAIMACTIONABLE CLAIM
ACTIONABLE CLAIM
 
Information Technology Act 2000
Information Technology Act 2000Information Technology Act 2000
Information Technology Act 2000
 
Three big questions about AI in financial services
Three big questions about AI in financial servicesThree big questions about AI in financial services
Three big questions about AI in financial services
 
An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill
 
The contribution of information commission to ensure right in Bangladesh
The contribution of information commission to ensure right in BangladeshThe contribution of information commission to ensure right in Bangladesh
The contribution of information commission to ensure right in Bangladesh
 
The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013
 
Blockchain startup
Blockchain startupBlockchain startup
Blockchain startup
 
Customer Due Diligence Part 1 slides.pptx
Customer Due Diligence Part 1 slides.pptxCustomer Due Diligence Part 1 slides.pptx
Customer Due Diligence Part 1 slides.pptx
 
IT Act 2000
IT Act 2000IT Act 2000
IT Act 2000
 
Legal Ethics 2nd lecture
Legal Ethics 2nd lectureLegal Ethics 2nd lecture
Legal Ethics 2nd lecture
 
Blockchain: Future Legal Issues
Blockchain: Future Legal IssuesBlockchain: Future Legal Issues
Blockchain: Future Legal Issues
 
Aml basics
Aml basicsAml basics
Aml basics
 
Presentation on GDPR
Presentation on GDPRPresentation on GDPR
Presentation on GDPR
 
Data Protection in India
Data Protection in IndiaData Protection in India
Data Protection in India
 
Prevention of money laundering act, 2002 part i
Prevention of money laundering act, 2002 part iPrevention of money laundering act, 2002 part i
Prevention of money laundering act, 2002 part i
 
Public Interest Litigation: A Critical Review
Public Interest Litigation: A Critical ReviewPublic Interest Litigation: A Critical Review
Public Interest Litigation: A Critical Review
 
Data Protection Predictions for 2023.pdf
Data Protection Predictions for 2023.pdfData Protection Predictions for 2023.pdf
Data Protection Predictions for 2023.pdf
 
Fair Trial
Fair TrialFair Trial
Fair Trial
 

Similar to DIGITAL-PERSONAL-DATA-PROTECTION-ACT-2023-WHITEPAPER.pdf

Personal data protection bill
Personal data protection bill Personal data protection bill
Personal data protection bill Mathew Chacko
 
India's Data Protection Law 2018- Future Road Ahead
India's Data Protection Law 2018- Future Road AheadIndia's Data Protection Law 2018- Future Road Ahead
India's Data Protection Law 2018- Future Road AheadEquiCorp Associates
 
Overview of the Digital Personal Data Protection DPDP Bill 2023.pdf
Overview of the Digital Personal Data Protection DPDP Bill 2023.pdfOverview of the Digital Personal Data Protection DPDP Bill 2023.pdf
Overview of the Digital Personal Data Protection DPDP Bill 2023.pdfEconomic Laws Practice
 
Bahrain-Personal-Data-Protection-Law.pdf
Bahrain-Personal-Data-Protection-Law.pdfBahrain-Personal-Data-Protection-Law.pdf
Bahrain-Personal-Data-Protection-Law.pdfDaviesParker
 
PERSONAL-DATA-PROTECTION-BILL-2018.pptx
PERSONAL-DATA-PROTECTION-BILL-2018.pptxPERSONAL-DATA-PROTECTION-BILL-2018.pptx
PERSONAL-DATA-PROTECTION-BILL-2018.pptxssuser36d167
 
UAE-Personal-Data-Protection-Law.pdf
UAE-Personal-Data-Protection-Law.pdfUAE-Personal-Data-Protection-Law.pdf
UAE-Personal-Data-Protection-Law.pdfDaviesParker
 
Startups - data protection
Startups - data protectionStartups - data protection
Startups - data protectionMathew Chacko
 
Digital personal data protection BILL.docx
Digital personal data protection BILL.docxDigital personal data protection BILL.docx
Digital personal data protection BILL.docxgabbarsk3
 
Digital Personal Data Protection Act, 2023: A Guide to the Applicability of t...
Digital Personal Data Protection Act, 2023: A Guide to the Applicability of t...Digital Personal Data Protection Act, 2023: A Guide to the Applicability of t...
Digital Personal Data Protection Act, 2023: A Guide to the Applicability of t...Spice Route Legal
 
GDPR Changing Mindset
GDPR Changing MindsetGDPR Changing Mindset
GDPR Changing MindsetNetworkIQ
 
Relationship between data protection and m&a (1)
Relationship between data protection and m&a (1)Relationship between data protection and m&a (1)
Relationship between data protection and m&a (1)Ashish vishal
 
Uchi data local presentation 2020
Uchi data local presentation 2020Uchi data local presentation 2020
Uchi data local presentation 2020Christo W. Meyer
 
GDPR and Analytics
GDPR and AnalyticsGDPR and Analytics
GDPR and Analyticsbrunomase
 
BigID Data Sheet: LGPD Compliance Automated
BigID Data Sheet: LGPD Compliance AutomatedBigID Data Sheet: LGPD Compliance Automated
BigID Data Sheet: LGPD Compliance AutomatedBigID Inc
 
DIRECT MARKETING UNDER INDIA’S NEW DIGITAL DATA PROTECTION LAW
DIRECT MARKETING UNDER INDIA’S NEW DIGITAL DATA PROTECTION LAWDIRECT MARKETING UNDER INDIA’S NEW DIGITAL DATA PROTECTION LAW
DIRECT MARKETING UNDER INDIA’S NEW DIGITAL DATA PROTECTION LAWSpice Route Legal
 
iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)
iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)
iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)ProductNation/iSPIRT
 
The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law Owako Rodah
 
LAWYER IN VIETNAM DR OLIVER MASSMANN NEW DRAFT DECREE ON PERSONAL DATA PROTEC...
LAWYER IN VIETNAM DR OLIVER MASSMANN NEW DRAFT DECREE ON PERSONAL DATA PROTEC...LAWYER IN VIETNAM DR OLIVER MASSMANN NEW DRAFT DECREE ON PERSONAL DATA PROTEC...
LAWYER IN VIETNAM DR OLIVER MASSMANN NEW DRAFT DECREE ON PERSONAL DATA PROTEC...Dr. Oliver Massmann
 
DATA SAFEGUARD INC.- WHITE PAPER
DATA SAFEGUARD INC.- WHITE PAPERDATA SAFEGUARD INC.- WHITE PAPER
DATA SAFEGUARD INC.- WHITE PAPERYashiVaidya
 
Digital Personal Data Protection Bill 2023 PPT.pptx
Digital Personal Data Protection Bill 2023 PPT.pptxDigital Personal Data Protection Bill 2023 PPT.pptx
Digital Personal Data Protection Bill 2023 PPT.pptxRohanTyagi57
 

Similar to DIGITAL-PERSONAL-DATA-PROTECTION-ACT-2023-WHITEPAPER.pdf (20)

Personal data protection bill
Personal data protection bill Personal data protection bill
Personal data protection bill
 
India's Data Protection Law 2018- Future Road Ahead
India's Data Protection Law 2018- Future Road AheadIndia's Data Protection Law 2018- Future Road Ahead
India's Data Protection Law 2018- Future Road Ahead
 
Overview of the Digital Personal Data Protection DPDP Bill 2023.pdf
Overview of the Digital Personal Data Protection DPDP Bill 2023.pdfOverview of the Digital Personal Data Protection DPDP Bill 2023.pdf
Overview of the Digital Personal Data Protection DPDP Bill 2023.pdf
 
Bahrain-Personal-Data-Protection-Law.pdf
Bahrain-Personal-Data-Protection-Law.pdfBahrain-Personal-Data-Protection-Law.pdf
Bahrain-Personal-Data-Protection-Law.pdf
 
PERSONAL-DATA-PROTECTION-BILL-2018.pptx
PERSONAL-DATA-PROTECTION-BILL-2018.pptxPERSONAL-DATA-PROTECTION-BILL-2018.pptx
PERSONAL-DATA-PROTECTION-BILL-2018.pptx
 
UAE-Personal-Data-Protection-Law.pdf
UAE-Personal-Data-Protection-Law.pdfUAE-Personal-Data-Protection-Law.pdf
UAE-Personal-Data-Protection-Law.pdf
 
Startups - data protection
Startups - data protectionStartups - data protection
Startups - data protection
 
Digital personal data protection BILL.docx
Digital personal data protection BILL.docxDigital personal data protection BILL.docx
Digital personal data protection BILL.docx
 
Digital Personal Data Protection Act, 2023: A Guide to the Applicability of t...
Digital Personal Data Protection Act, 2023: A Guide to the Applicability of t...Digital Personal Data Protection Act, 2023: A Guide to the Applicability of t...
Digital Personal Data Protection Act, 2023: A Guide to the Applicability of t...
 
GDPR Changing Mindset
GDPR Changing MindsetGDPR Changing Mindset
GDPR Changing Mindset
 
Relationship between data protection and m&a (1)
Relationship between data protection and m&a (1)Relationship between data protection and m&a (1)
Relationship between data protection and m&a (1)
 
Uchi data local presentation 2020
Uchi data local presentation 2020Uchi data local presentation 2020
Uchi data local presentation 2020
 
GDPR and Analytics
GDPR and AnalyticsGDPR and Analytics
GDPR and Analytics
 
BigID Data Sheet: LGPD Compliance Automated
BigID Data Sheet: LGPD Compliance AutomatedBigID Data Sheet: LGPD Compliance Automated
BigID Data Sheet: LGPD Compliance Automated
 
DIRECT MARKETING UNDER INDIA’S NEW DIGITAL DATA PROTECTION LAW
DIRECT MARKETING UNDER INDIA’S NEW DIGITAL DATA PROTECTION LAWDIRECT MARKETING UNDER INDIA’S NEW DIGITAL DATA PROTECTION LAW
DIRECT MARKETING UNDER INDIA’S NEW DIGITAL DATA PROTECTION LAW
 
iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)
iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)
iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)
 
The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law
 
LAWYER IN VIETNAM DR OLIVER MASSMANN NEW DRAFT DECREE ON PERSONAL DATA PROTEC...
LAWYER IN VIETNAM DR OLIVER MASSMANN NEW DRAFT DECREE ON PERSONAL DATA PROTEC...LAWYER IN VIETNAM DR OLIVER MASSMANN NEW DRAFT DECREE ON PERSONAL DATA PROTEC...
LAWYER IN VIETNAM DR OLIVER MASSMANN NEW DRAFT DECREE ON PERSONAL DATA PROTEC...
 
DATA SAFEGUARD INC.- WHITE PAPER
DATA SAFEGUARD INC.- WHITE PAPERDATA SAFEGUARD INC.- WHITE PAPER
DATA SAFEGUARD INC.- WHITE PAPER
 
Digital Personal Data Protection Bill 2023 PPT.pptx
Digital Personal Data Protection Bill 2023 PPT.pptxDigital Personal Data Protection Bill 2023 PPT.pptx
Digital Personal Data Protection Bill 2023 PPT.pptx
 

More from DaviesParker

Annual-Report-on-Privacy-Fines-2022.pdf
Annual-Report-on-Privacy-Fines-2022.pdfAnnual-Report-on-Privacy-Fines-2022.pdf
Annual-Report-on-Privacy-Fines-2022.pdfDaviesParker
 
Report_PrivacyAmongChildren.pdf
Report_PrivacyAmongChildren.pdfReport_PrivacyAmongChildren.pdf
Report_PrivacyAmongChildren.pdfDaviesParker
 
Privacy as a Career
Privacy as a CareerPrivacy as a Career
Privacy as a CareerDaviesParker
 
Responsible-A.I-and-Privacy-Report.pdf
Responsible-A.I-and-Privacy-Report.pdfResponsible-A.I-and-Privacy-Report.pdf
Responsible-A.I-and-Privacy-Report.pdfDaviesParker
 
Privacy-in-the-Metaverse
Privacy-in-the-MetaversePrivacy-in-the-Metaverse
Privacy-in-the-MetaverseDaviesParker
 
SECTOR-SPECIFIC-REGULATIONS-AND-A-FEW-HICCUPS-MORE-U.S.A-AND-ITS-PRIVACY-LAWS...
SECTOR-SPECIFIC-REGULATIONS-AND-A-FEW-HICCUPS-MORE-U.S.A-AND-ITS-PRIVACY-LAWS...SECTOR-SPECIFIC-REGULATIONS-AND-A-FEW-HICCUPS-MORE-U.S.A-AND-ITS-PRIVACY-LAWS...
SECTOR-SPECIFIC-REGULATIONS-AND-A-FEW-HICCUPS-MORE-U.S.A-AND-ITS-PRIVACY-LAWS...DaviesParker
 
KSA PDPL - Personal Data Protection Law.pdf
KSA PDPL - Personal Data Protection Law.pdfKSA PDPL - Personal Data Protection Law.pdf
KSA PDPL - Personal Data Protection Law.pdfDaviesParker
 
California-Privacy-Right-Act.pdf
California-Privacy-Right-Act.pdfCalifornia-Privacy-Right-Act.pdf
California-Privacy-Right-Act.pdfDaviesParker
 
A Guide for Businesses.pdf
A Guide for Businesses.pdfA Guide for Businesses.pdf
A Guide for Businesses.pdfDaviesParker
 
FISMA COMPLIANCE.pdf
FISMA COMPLIANCE.pdfFISMA COMPLIANCE.pdf
FISMA COMPLIANCE.pdfDaviesParker
 
What Does A Data Protection Officer Do.pdf
What Does A Data Protection Officer Do.pdfWhat Does A Data Protection Officer Do.pdf
What Does A Data Protection Officer Do.pdfDaviesParker
 
External Network PT - Tsaaro
External Network PT - TsaaroExternal Network PT - Tsaaro
External Network PT - TsaaroDaviesParker
 

More from DaviesParker (14)

Annual-Report-on-Privacy-Fines-2022.pdf
Annual-Report-on-Privacy-Fines-2022.pdfAnnual-Report-on-Privacy-Fines-2022.pdf
Annual-Report-on-Privacy-Fines-2022.pdf
 
Report_PrivacyAmongChildren.pdf
Report_PrivacyAmongChildren.pdfReport_PrivacyAmongChildren.pdf
Report_PrivacyAmongChildren.pdf
 
Privacy as a Career
Privacy as a CareerPrivacy as a Career
Privacy as a Career
 
Responsible-A.I-and-Privacy-Report.pdf
Responsible-A.I-and-Privacy-Report.pdfResponsible-A.I-and-Privacy-Report.pdf
Responsible-A.I-and-Privacy-Report.pdf
 
Privacy-in-the-Metaverse
Privacy-in-the-MetaversePrivacy-in-the-Metaverse
Privacy-in-the-Metaverse
 
SECTOR-SPECIFIC-REGULATIONS-AND-A-FEW-HICCUPS-MORE-U.S.A-AND-ITS-PRIVACY-LAWS...
SECTOR-SPECIFIC-REGULATIONS-AND-A-FEW-HICCUPS-MORE-U.S.A-AND-ITS-PRIVACY-LAWS...SECTOR-SPECIFIC-REGULATIONS-AND-A-FEW-HICCUPS-MORE-U.S.A-AND-ITS-PRIVACY-LAWS...
SECTOR-SPECIFIC-REGULATIONS-AND-A-FEW-HICCUPS-MORE-U.S.A-AND-ITS-PRIVACY-LAWS...
 
China-PIPL.pdf
China-PIPL.pdfChina-PIPL.pdf
China-PIPL.pdf
 
KSA PDPL - Personal Data Protection Law.pdf
KSA PDPL - Personal Data Protection Law.pdfKSA PDPL - Personal Data Protection Law.pdf
KSA PDPL - Personal Data Protection Law.pdf
 
California-Privacy-Right-Act.pdf
California-Privacy-Right-Act.pdfCalifornia-Privacy-Right-Act.pdf
California-Privacy-Right-Act.pdf
 
A Guide for Businesses.pdf
A Guide for Businesses.pdfA Guide for Businesses.pdf
A Guide for Businesses.pdf
 
FISMA COMPLIANCE.pdf
FISMA COMPLIANCE.pdfFISMA COMPLIANCE.pdf
FISMA COMPLIANCE.pdf
 
What Does A Data Protection Officer Do.pdf
What Does A Data Protection Officer Do.pdfWhat Does A Data Protection Officer Do.pdf
What Does A Data Protection Officer Do.pdf
 
Sarvekshan.pdf
Sarvekshan.pdfSarvekshan.pdf
Sarvekshan.pdf
 
External Network PT - Tsaaro
External Network PT - TsaaroExternal Network PT - Tsaaro
External Network PT - Tsaaro
 

Recently uploaded

Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...lizamodels9
 
(8264348440) 🔝 Call Girls In Hauz Khas 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Hauz Khas 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Hauz Khas 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Hauz Khas 🔝 Delhi NCRsoniya singh
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...lizamodels9
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024christinemoorman
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessAggregage
 
rishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdfrishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdfmuskan1121w
 
RE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman LeechRE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman LeechNewman George Leech
 
Islamabad Escorts | Call 03274100048 | Escort Service in Islamabad
Islamabad Escorts | Call 03274100048 | Escort Service in IslamabadIslamabad Escorts | Call 03274100048 | Escort Service in Islamabad
Islamabad Escorts | Call 03274100048 | Escort Service in IslamabadAyesha Khan
 
NewBase 22 April 2024 Energy News issue - 1718 by Khaled Al Awadi (AutoRe...
NewBase 22 April 2024 Energy News issue - 1718 by Khaled Al Awadi (AutoRe...NewBase 22 April 2024 Energy News issue - 1718 by Khaled Al Awadi (AutoRe...
NewBase 22 April 2024 Energy News issue - 1718 by Khaled Al Awadi (AutoRe...Khaled Al Awadi
 
A.I. Bot Summit 3 Opening Keynote - Perry Belcher
A.I. Bot Summit 3 Opening Keynote - Perry BelcherA.I. Bot Summit 3 Opening Keynote - Perry Belcher
A.I. Bot Summit 3 Opening Keynote - Perry BelcherPerry Belcher
 
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurVIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurSuhani Kapoor
 
(8264348440) 🔝 Call Girls In Keshav Puram 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Keshav Puram 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Keshav Puram 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Keshav Puram 🔝 Delhi NCRsoniya singh
 
Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailAriel592675
 
CATALOG cáp điện Goldcup (bảng giá) 1.4.2024.PDF
CATALOG cáp điện Goldcup (bảng giá) 1.4.2024.PDFCATALOG cáp điện Goldcup (bảng giá) 1.4.2024.PDF
CATALOG cáp điện Goldcup (bảng giá) 1.4.2024.PDFOrient Homes
 
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service DewasVip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewasmakika9823
 
Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...
Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...
Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...lizamodels9
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis UsageNeil Kimberley
 
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...lizamodels9
 
Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...
Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...
Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...lizamodels9
 

Recently uploaded (20)

Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
 
(8264348440) 🔝 Call Girls In Hauz Khas 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Hauz Khas 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Hauz Khas 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Hauz Khas 🔝 Delhi NCR
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for Success
 
rishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdfrishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdf
 
RE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman LeechRE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman Leech
 
Islamabad Escorts | Call 03274100048 | Escort Service in Islamabad
Islamabad Escorts | Call 03274100048 | Escort Service in IslamabadIslamabad Escorts | Call 03274100048 | Escort Service in Islamabad
Islamabad Escorts | Call 03274100048 | Escort Service in Islamabad
 
NewBase 22 April 2024 Energy News issue - 1718 by Khaled Al Awadi (AutoRe...
NewBase 22 April 2024 Energy News issue - 1718 by Khaled Al Awadi (AutoRe...NewBase 22 April 2024 Energy News issue - 1718 by Khaled Al Awadi (AutoRe...
NewBase 22 April 2024 Energy News issue - 1718 by Khaled Al Awadi (AutoRe...
 
KestrelPro Flyer Japan IT Week 2024 (English)
KestrelPro Flyer Japan IT Week 2024 (English)KestrelPro Flyer Japan IT Week 2024 (English)
KestrelPro Flyer Japan IT Week 2024 (English)
 
A.I. Bot Summit 3 Opening Keynote - Perry Belcher
A.I. Bot Summit 3 Opening Keynote - Perry BelcherA.I. Bot Summit 3 Opening Keynote - Perry Belcher
A.I. Bot Summit 3 Opening Keynote - Perry Belcher
 
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurVIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
 
(8264348440) 🔝 Call Girls In Keshav Puram 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Keshav Puram 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Keshav Puram 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Keshav Puram 🔝 Delhi NCR
 
Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detail
 
CATALOG cáp điện Goldcup (bảng giá) 1.4.2024.PDF
CATALOG cáp điện Goldcup (bảng giá) 1.4.2024.PDFCATALOG cáp điện Goldcup (bảng giá) 1.4.2024.PDF
CATALOG cáp điện Goldcup (bảng giá) 1.4.2024.PDF
 
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service DewasVip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
 
Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...
Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...
Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage
 
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
 
Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...
Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...
Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...
 

DIGITAL-PERSONAL-DATA-PROTECTION-ACT-2023-WHITEPAPER.pdf

  • 1. © 2023 Tsaaro. All rights reserved. DIGITAL PERSONAL DATA DIGITAL PERSONAL DATA PROTECTION ACT, 2023 PROTECTION ACT, 2023 PROVISIONS, CONTROLS & TOOLS
  • 2. www.tsaaro.com Page 2 Provisions Analysis Introduction Conclusion Executive Summary 01 02 03 04 Table of Content Applicability i Grounds for Processing Digital Personal Data ii Consent and Notice Requirements iii Additional Obligations of Significant Data Fiduciary iv Protection of Personal Data of Children v Rights of Data Principals vi Transfer of Personal Data vii Data Protection Board of India viii ix General Obligations of Data Fiduciary
  • 3. www.tsaaro.com Page 3 This paper is an in-depth analysis of the newly introduced Digital Personal Data Protection Act, 2023. The Act is a simple and lean piece of law representing India’s position on data protection principles vis-à-vis the roles and responsibilities of individuals & businesses. It highlights the key provisions of the Act that the organizations will have to look into before they embark on their privacy compliance journey. Introduction Nine key provision sets have been identified and explained clearly without diluting their legal consequences. The report provides for a comparison with Act's global contemporaries. Further, the paper also provides a compliance roadmap in order to fulfill the mandate of the provisions that have also been laid down. The paper is a point-in-time review and the observations and recommendations are made based on the framework of the 2023 Act. Executive Summary The information presented in this document is provided as-is and shall not be construed as legal advice. The assessment is a “point in time” analysis dependent on the 2023 Act. Due to any changes made to the Act, the findings at a later stage may not be the same as those reflected in this report. This is not a legal advice & should only be used for reference purposes. Disclaimer
  • 4. www.tsaaro.com Page 4 Provisions Analysis i Applicability an individual for personal or domestic purposes, personal data that has been made public by a data principal or under a legal obligation, or personal data that is necessary for research, archiving, or statistical purposes and data is not used for data principal-specific decisions and the processing complies with government-prescribed standards. The 2023 Act applies to processing of “Digital” personal data i.e., the data is collected in digital form, or collected in non-digital form and digitized subsequently within the Indian territory. The 2023 Act also applies to processing of personal data outside India in cases, where there is an offering of goods and services to Data Principals within the territory of India. This provision exempts processing of personal data when: Section 3: The Draft Bill of 2022 had previously proposed the applicability of the Bill to processing of digital personal data as well as where profiling and offering of goods and services were targeted at India. The Joint Parliamentary Committee had previously proposed a change in applicability of the data protection legislation to personal & non-personal data, under the Data Protection Act, 2021. But this Act only extends the applicability to personal data in a digitized format. Comparison to its Previous Iterations What are the sources of data collection? Is processing done within the Indian territory or outside but the goods/services are targeted at the Indian population? Is there any process set in place to digitize data collected offline? Before organizations begin their compliance journey and strategize their policies and procedures, they must strictly look into the applicability of the Act on their format of processing. Questions to consider can be: Compliance Road-Map
  • 5. www.tsaaro.com Page 5 Applicability Matrix Not Applicable Whether your organization processes personal data of individuals? If personal data is collected from Data Principals in digital form OR If personal data collected in non-digital form, is digitized subsequently. If the processing is in connection with any activity related to offering of goods or services to data principals within the territory of India. Whether your organization processes personal data within the territory of India? Whether your organization processes personal data outside the territory of India? i
  • 6. www.tsaaro.com Page 6 Grounds for Processing Digital Personal Data Processing shall be considered to be legitimate if it aligns with the provisions of the 2023 Act, or where the Data Principal has given her consent, and is for a lawful purpose. Lawful purpose has been defined as any purpose that is not prohibited by law. ii Section 4: The Draft Bill of 2022 provided processing of digital personal data for lawful purposes including when in circumstances when deemed consent is provided by an individual. European Union: GDPR lays down grounds for processing under Article 6. These are: legitimate interest, consent, vital interest, contractual necessity, public interest and legal obligation Comparison to Other Laws Is the purpose of processing legitimate or is the purpose in violation of any law in force? Whether the grounds for processing personal data is proportional to the rights vested with the data principals? Lawful basis or legal grounds for processing digital personal data acts as a shield for organizations against regulatory and financial penalties. Additionally, choosing a legitimate purpose for processing aids the business to limit its processing within the contours of the law and attracts consumer trust and builds goodwill. In order to assess the legal ground to rely on, organizations should keep in mind the following: Compliance Road-Map FINANCIAL PENALTY: Upto 50 crores
  • 7. www.tsaaro.com Page 7 Consent and Notice Requirements The 2023 Act emphasizes on a person’s right to know what personal information a Data Fiduciary is collecting and the reason behind such collection. The Act provides that valid consent needs to be free, specific, informed, unconditional and unambiguous and involves a clear affirmative action which should signify agreement to the processing of the individual's personal data for such specified purpose. Consent should not be irrevocable and permanent, and the Data Principal may withdraw consent at any time. The Act stipulates that consent of data principles may be managed by a Consent Manager. The Notice-related requirements under Section 5 of the 2023 Act focus on three things: it has to be written in clear words, it has to be in simple language and be available in the languages listed on the Eighth Schedule of the Constitution of India. This notice must also prescribe the Data Principal on the manner of filing a complaint to the Data Protection Board. iii Section 5 and Section 6: FINANCIAL PENALTY: Upto 50 crores GDPR, under Article 7, discusses consent and its essentials. Consent has to be freely given, unambiguous, in clear and plain language. There must also be an option to withdraw consent. Comparison to Other Laws When should Data Principals be notified of processing their personal data? Whether the notice contains the required information in clear and plain language? Is there a process for the withdrawal of consent being provided? Consent management is a hallmark of the Act and therefore solutions and tools can help automate consent management. In order to assess the legal ground to rely on, organizations should keep in mind the following: Compliance Road-Map
  • 8. www.tsaaro.com Page 8 General Obligations of Data Fiduciary Data Fiduciary means any person who alone or in conjunction with other persons determines the purpose and means of processing of personal data. There are obligations laid down on such data fiduciaries for processing of personal data accurately and in line with legitimate uses (Section 7), deletion and retention of personal data, breach notification, grievance management, processor management and implementation of technical and organizational safeguards to efficiently protect personal data. iv Section 8: Under the GDPR, data controllers are the organizations with a horizon of responsibilities and obligations. Data controllers are the organizations that define the purpose and means of data processing, just like under the Indian Act. Comparison to Other Laws Has the organization defined appropriate time-periods for data retention and deletion? Are there efficient mechanisms in place to ensure grievances and personal data breach management? Are there technical and organizational measures established to ensure adherence to the provisions of the Act? Are there reasonable security measures in place to secure personal data from breach incidents? For a well-rounded compliance framework, Data Fiduciaries have to identify the privacy risks in the organization and accordingly undertake Data Discovery and Data Mapping, and draft appropriate Data Processing Agreements with Processors, Retention Schedules, etc. Compliance Road-Map FINANCIAL PENALTY: Upto 250 crores
  • 9. www.tsaaro.com Page 9 Additional Obligations of Significant Data Fiduciary Central Government may notify any Data Fiduciary or class of Data Fiduciaries as Significant Data Fiduciary. This category has additional obligations like appointment of a Data Protection Officer (DPO), Independent Data Auditor, and conduct Periodic Data Protection Impact Assessments (DPIA). Such class of data fiduciaries shall be notified by the government on the basis of a list of criteria provided in the Act. v Section 10: This provision has been maintained from the previous Draft Bill of 2022. Does your organization have well-trained professionals to undertake the role of a Data Protection Officer? Additionally, have you appointed an Independent Data Auditor? Has your organization documented procedures and processes to conduct data audits and periodic assessments of business functions? Does your organization have systematic processes in place for consent and privacy rights management? Does your organization have privacy-sensitive employees and conduct effective trainings and up-skilling exercises? For a well-rounded compliance framework to shield the organizations, certain steps will be required to be taken appointment of relevant persons, conducting training and awareness programs for the employees, consent management, documentation of data subject request forms and processes, Data Inventory, Periodic DPIAs and Audits, etc. Compliance Road-Map FINANCIAL PENALTY: Upto 150 crores
  • 10. www.tsaaro.com Page 10 Protection of Personal Data of Children The data fiduciaries are entrusted with the obligation to obtain verifiable consent from the lawful guardians prior to the processing of personal data of a child or a person with a disability. They are prohibited from undertaking the processing of personal data that is likely cause any detrimental effect on the well-being, tracking or behavioral monitoring, or targeted advertising directed at the data principals mentioned in Section 9. vi Section 9 European Union: GDPR allows member state to define the age limit for an individual to be considered a child, provided that such an age is not below 13 years. Prior to the processing of the personal data of children, authorized parental consent is required. California: CPRA provides for explicit consent from children between the age of 13 - 16, and from parents/ lawful guardians for children below the age of 13. The protection of children's data is also aligned with Children’s Online Privacy Protection Act (COPPA) which stipulates verifiable parental consent. Comparison to Other Laws FINANCIAL PENALTY: Upto 200 crores Does the organization process personal data belonging to children? Has the organization incorporated appropriate measures to ensure that the verifiable consent of the lawful guardians is recorded prior to the processing of personal data of children? It is recommended that the organizations ensure compliance with the provisions laid down in the 2023 Act in the following manner: Compliance Road-Map
  • 11. Right to Access Information about Personal Data The data principal is vested with the right to obtain from the data fiduciaries to whom consent has been provided; a summary of their personal data being processed & the processing activities; identities of all the data fiduciaries with whom their personal data was shared by identifying the categories of personal data so shared; and, any other information related to personal data, which may be prescribed. Right of Grievance Redressal The data principal is vested with the right to a ‘readily available’ means of registering a grievance with the data fiduciary or consent manager in respect of any act or omission of such Data Fiduciary or Consent Manager regarding the performance of its obligation. The data fiduciary shall be required to respond to such grievances within the period as may be prescribed by the Central Government by way of rules or notification. www.tsaaro.com Page 11 Rights of Data Principals vii Right to Correction & Erasure of Personal Data The data principal would have the right to correction, completion, updating and erasure of their personal data for which they had previously given consent to be processed. The data fiduciary is obligated to correct the data principal’s inaccurate or misleading personal data; to complete their incomplete personal data; to update their personal data; to erase their personal data in cases where the data principal withdraws their consent, or when the data is no longer necessary for the purpose for which it was processed unless retention is mandated for a legal purpose. Right to Nominate The data principal has the right to nominate any other individual, who in the event of death / incapacity (“incapacity” meaning inability to exercise the rights of the Data Principal unsoundness of mind or infirmity of body) of the data principal, could exercise the rights guaranteed under the Act. 1. 2. 3. 4.
  • 12. www.tsaaro.com Page 12 Rights of Data Principals vii The rights identified under GDPR, the Draft Bill, 2022, & the 2023 Act have been enumerated hereunder. Comparison to Other Laws Sl. No. Data Subject Rights under European Union GDPR Data Principal Rights under DPDPB, 2022 Data Principal Rights under DPDBA, 2023 1 Right of Access by the data subject Right to Information about Personal Data Right to Access Information about personal data 2 Right to Rectification Right to Correction Right to Correction 3 Right to Erasure ('to be forgotten') Right to Erasure Right to Erasure 4 Right to Restriction of Processing N/A N/A 5 Right to Data Portability N/A N/A 6 Right to Object Right of Grievance Redressal Right of Grievance Redressal 7 N/A Right to Nominate Right to Nominate Has the Organization informed the data principals of the rights vested with them under the Act, through the privacy policy? Has the Organization implemented the appropriate data subject requests tool? It is recommended for organizations to ensure compliance with the legal grounds in the following manner: Compliance Road-Map
  • 13. www.tsaaro.com Page 13 Transfer of Personal Data The Bill stipulates a general rule against transfer of personal data to any country outside the territory of India as notified by the Central Government and such transfers are subject to satisfaction of at least one of the conditions prescribed under Section 17 of the Act. viii Section 16 GDPR lays down certain safeguards to protect the personal data that is being transferred to third countries / international organizations, which are primarily inclusive of - Binding Corporate Rules, Standard Contractual Clauses and Adequacy Decisions. Comparison to Other Laws Has the organization that transfers personal data beyond the territory of India ensured that a Transfer Impact Assessment is conducted to assess and analyze whether the third parties/vendors have appropriate measures incorporated to protect the personal data? Has the Organization implemented measures to ensure that the Data Processing Agreements are in place, in case of any such transfer of personal data beyond India? It is recommended to the Organizations comply with the provisions and legal grounds laid down in the 2023 Act in the following manner: Compliance Road-Map FINANCIAL PENALTY: Upto 50 crores
  • 14. www.tsaaro.com Page 14 Data Protection Board of India Chapter V (Section 18- 26) and Chapter VI (Section 27 and 28) The Act proposes the establishment of the Data Protection Board of India. The Board has been identified as an independent body, functioning as a digital office by adopting the techno-legal measures as may be prescribed. The Board is responsible for investigating data breaches, addressing complaints from Data Principals, and imposing penalties on Data Fiduciaries, Consent Managers, and intermediaries as per the Act. ix GDPR mandates every Member State to establish an independent supervisory authority in order to monitor the application of the regulatory requirements, to protect the rights & freedoms of the data subjects whose personal data is processed and, to facilitate the free flow of the personal data within the Union. Comparison to Other Laws Investigation and inquiry into personal data breaches, as well as imposing urgent remedial and mitigating measures for breach containment. Take cognizance of violations of the Act on the receipt of a complaint filed by a data principal against a data fiduciary and/or consent manager, and to impose penalties. Take cognizance and initiate inquiries on the violations by an intermediary, as per references made by the Central Government. Take appropriate action against any consent manager on being intimated of any breach of registration condition, and impose penalties. Impose penalties against the appropriate party as per Schedule of the Act. Functions of the Data Protection Board
  • 15. www.tsaaro.com Page 15 Conclusion The Digital Personal Data Protection Act 2023 is a lean and simple piece of law that focuses on "digitized" personal data. This whitepaper serves as a compliance guide for the organizations that want to develop a roadmap in anticipation of the Indian Act on Data Protection. Tsaaro can help you on this journey of compliance with our holistic data protection services. Privacy Risk Management Privacy Audit DPO as a Service Consent Management Product Privacy Assessment Cookie Compliance Privacy Program Development Privacy Training Think Privacy, Think Tsaaro
  • 16. www.tsaaro.com Page 16 About Tsaaro At Tsaaro, we empower businesses to manage their compliance with data privacy and cybersecurity regulations. Our Mission is to assist businesses in achieving this because we are fervently committed to safeguarding the individuals who are the sources of the data. We have been at the forefront of ensuring that companies instill the best data protection and cybersecurity safeguards at their organisation and helped them save up to $100,000 which they would have paid in fine to Regulatory Authorities. Our strength lies in assessing security and privacy risks, monitoring threats, and safeguarding applications against compliance issues. Our Services Data Privacy Services Privacy Implementation Program System Integrators Information Security Services & Industry Standard Compliance Data Governance Staff Augmentation Services 150+ 100+ 22+ 60+ Total Projects Completed Regulations/Standards Covered Clients across 7 Geographies Privacy & Security Experts Vodafone EXL Flipkart Vistara Airlines Titan DarwinBox
  • 17. Tsaaro Amsterdam Office Regus Schiphol Rijk Beech Avenue 54-62, Het Poortgebouw, Amsterdam, 1119 PW, Netherlands P: +31- 639875167 Akarsh Singh (CEO & Founder, Tsaaro) Akarsh is a CIPP/E, CIPM, CIPT, Fellow in Information Privacy by IAPP, and an IAPP Advisory Board Member. His expertise lies in Data Privacy and Information Security Compliance. WHY TSAARO? CONTACT US Email us info@tsaaro.com Tsaaro Bangalore Office Manyata Embassy Business Park, Ground Floor, E1 Block, Beech Building, Outer RingRoad, Bangalore- 560045 India P: +91 77609-23421 Tsaaro provides Privacy & Cybersecurity services to help organizations meet regulatory requirements while maintaining a robust security infrastructure. Our industry-standard privacy services include DPO-as-a-service, DPIA, Privacy Program Development, Privacy Risk Management, Cookie Compliance Program, Consent Management, to name a few, delivered by our expert privacy professionals recognized by IAPP. Tsaaro Gurugram Office Level 1, Building 10A, Cyber Hub, DLF Cyber City, Gurugram, Haryana 122002 India +91 77609-23421 Krithi Shetty Senior Data Protection Consultant, Tsaaro Shilpa Margaret Kurian Data Protection Consultant, Tsaaro Sonakshi Singh Data Protection Consultant, Tsaaro Vaishali Venkatesh Gangaraddi Data Protection Consultant, Tsaaro