DPDP Act: Secure Data Handling in Daily Work

This topic focuses on HR and people-related scenarios where large volumes of sensitive personal data are handled. It describes good practices for collecting only necessary information during recruitment, storing CVs and interview notes securely, and limiting access to those with a genuine need to know. The topic covers secure handling...

This topic focuses on HR and people-related scenarios where large volumes of sensitive personal data are handled. It describes good practices for collecting only necessary information during recruitment, storing CVs and interview notes securely, and limiting access to those with a genuine need to know. The topic covers secure handling of payroll and benefits data, background verification reports, performance appraisals, medical records and disciplinary files. It warns against using unapproved tools or personal email for sharing HR data and highlights the importance of role-based access controls. Typical mistakes, such as sending salary statements to the wrong email address or leaving files exposed on shared drives, are discussed along with corrective steps. Learners understand that HR data is particularly sensitive and that sloppy handling can quickly translate into DPDP violations and employee distrust.

Show more

This topic addresses how sales and marketing teams should manage personal data of customers and prospects. It explains the importance of capturing lawful basis (consent or legitimate use) in CRM tools, respecting do-not-contact lists and unsubscribe requests, and avoiding unauthorised list sharing or purchases. The topic illustrates safe practices for...

This topic addresses how sales and marketing teams should manage personal data of customers and prospects. It explains the importance of capturing lawful basis (consent or legitimate use) in CRM tools, respecting do-not-contact lists and unsubscribe requests, and avoiding unauthorised list sharing or purchases. The topic illustrates safe practices for running email campaigns, events and lead generation activities, including minimising data fields collected and providing clear notices. It warns against exporting large customer lists to local drives, using personal devices without safeguards, or sharing data with external agencies without a proper contract. Realistic examples show how mis-targeted campaigns, mishandled spreadsheets or unauthorised uploading of contact lists to third-party tools can trigger DPDP compliance issues. Learners gain practical do’s and don’ts they can apply immediately in their outreach activities.

Show more

This topic addresses the additional risks that arise when employees work from home, travel or use personal devices (BYOD) for work. It outlines essential practices such as using only approved devices and networks for accessing systems with personal data, enabling full-disk encryption where required, avoiding use of public Wi-Fi without...

This topic addresses the additional risks that arise when employees work from home, travel or use personal devices (BYOD) for work. It outlines essential practices such as using only approved devices and networks for accessing systems with personal data, enabling full-disk encryption where required, avoiding use of public Wi-Fi without secure tunnels, and never leaving unlocked devices unattended. The topic also covers physical security: locking cabinets containing paper files, shredding sensitive printouts instead of binning them, and ensuring visitor access to offices does not expose folders or screens with personal data. It highlights the importance of reporting lost or stolen devices immediately so that security teams can take action. By the end, learners understand that privacy risk extends beyond software and that their physical environment and personal habits play a vital role in DPDP compliance.

Show more

This topic emphasises that strong privacy compliance depends on consistent, documented processes rather than one-off decisions. It explains why employees should use official, approved systems and workflows for collecting, storing, sharing and deleting personal data, instead of informal workarounds like personal email accounts, consumer cloud apps or unapproved spreadsheets. The...

This topic emphasises that strong privacy compliance depends on consistent, documented processes rather than one-off decisions. It explains why employees should use official, approved systems and workflows for collecting, storing, sharing and deleting personal data, instead of informal workarounds like personal email accounts, consumer cloud apps or unapproved spreadsheets. The topic discusses how process documentation, standard operating procedures and checklists help demonstrate DPDP compliance to regulators and auditors. It highlights the risks posed by shadow IT and ad-hoc processes that bypass built-in security and logging. Learners are encouraged to suggest improvements to existing processes through formal channels rather than inventing individual shortcuts. By the end, they see themselves as partners in keeping processes robust, auditable and aligned with both law and policy.

Show more

This topic focuses on everyday communication tools that are common sources of accidental breaches. It explains safe practices for sending emails containing personal data, such as double-checking recipients, using the blind carbon copy (BCC) field appropriately, and avoiding unnecessary inclusion of personal details. The topic discusses secure use of chat...

This topic focuses on everyday communication tools that are common sources of accidental breaches. It explains safe practices for sending emails containing personal data, such as double-checking recipients, using the blind carbon copy (BCC) field appropriately, and avoiding unnecessary inclusion of personal details. The topic discusses secure use of chat and collaboration platforms, including controlling channel membership, restricting file sharing where appropriate and avoiding sharing screenshots or documents containing sensitive data in broad groups. It also touches on automatic forwarding, syncing to personal devices and the risks of using unauthorised apps. Practical examples of misdirected emails, accidentally exposed links or wrongly configured shared folders illustrate how small slips can have serious consequences. Learners are given simple checklists to follow before sending or sharing anything containing personal data.

Show more