Data Protection & Privacy (DPDP Act)

Overview

Providing comprehensive legal counsel on India's landmark Digital Personal Data Protection Act, 2023. Our services cover data privacy compliance, data fiduciary obligations, consent management frameworks, cross-border data transfer regulations, data breach notification protocols, and representation before the Data Protection Board of India. We guide businesses and organizations through the entire lifecycle of data protection compliance under the DPDP Act regime.

Key Areas of Focus

  • DPDP Act Compliance & Advisory
  • Data Protection Impact Assessments (DPIA)
  • Privacy Policy Drafting & Consent Frameworks
  • Cross-Border Data Transfer Compliance
  • Data Breach Response & Notification
  • Representation before Data Protection Board

Primary Legislation & Statutes

Digital Personal Data Protection Act, 2023 Information Technology Act, 2000 (Section 43A & 72A) IT (Reasonable Security Practices) Rules, 2011

Frequently Asked Questions

The DPDP Act applies to all 'Data Fiduciaries' processing digital personal data within India, as well as entities outside India that process personal data in connection with offering goods or services to Data Principals within India. The Act covers both government and private entities.

Key obligations include: obtaining verifiable consent before processing personal data, implementing reasonable security safeguards, notifying data breaches to the Data Protection Board, appointing a Data Protection Officer (for Significant Data Fiduciaries), and responding to data principal rights requests within specified timelines.