DPDP Act: Foundations of Data Privacy and the DPDP Act 2023

This topic explains how data protection in India developed over time, starting from the Information Technology Act, 2000 and the 2011 Rules on sensitive personal data. It then covers the landmark Supreme Court judgment in Justice K.S. Puttaswamy (Retd.) v. Union of India, which recognised the right to privacy as...

This topic explains how data protection in India developed over time, starting from the Information Technology Act, 2000 and the 2011 Rules on sensitive personal data. It then covers the landmark Supreme Court judgment in Justice K.S. Puttaswamy (Retd.) v. Union of India, which recognised the right to privacy as a fundamental right under the Indian Constitution. Learners are introduced to the series of draft data protection bills considered between 2018 and 2022, and how public debate around Aadhaar, fintech, social media and big tech shaped the need for a dedicated data protection law. The topic then briefly touches upon global influences, such as the European Union’s GDPR, and how they inspired certain concepts within the Indian law while still reflecting India-specific realities. By the end, employees will understand that the DPDP Act is not an isolated development but the result of years of legal, technological and social evolution in India’s approach to privacy.

Show more

This topic clarifies the scope of the DPDP Act using everyday corporate examples. It explains that the Act applies to digital personal data and to personal data that is digitised from a non-digital form, when such processing is in India or relates to offering goods or services to individuals in...

This topic clarifies the scope of the DPDP Act using everyday corporate examples. It explains that the Act applies to digital personal data and to personal data that is digitised from a non-digital form, when such processing is in India or relates to offering goods or services to individuals in India. The topic gives simple examples of covered processing, such as employee HR systems, customer databases, vendor onboarding tools, CRM platforms and mobile apps. It also mentions key exclusions in simple terms, such as personal or household use, certain notified exemptions and anonymised data. The concept of extraterritorial application is explained by showing how foreign companies that offer services to Indian users may also fall within the law. By the end, learners can recognise whether a data handling situation they are involved in is likely to fall under the DPDP framework and therefore requires compliant behaviour.

Show more

This topic builds a shared vocabulary for later learning. It defines personal data as any data about an individual who is identifiable, and explains what counts as digital personal data in everyday workplace systems. The topic clarifies what ‘processing’ means by using concrete actions such as collecting, storing, using, sharing,...

This topic builds a shared vocabulary for later learning. It defines personal data as any data about an individual who is identifiable, and explains what counts as digital personal data in everyday workplace systems. The topic clarifies what ‘processing’ means by using concrete actions such as collecting, storing, using, sharing, analysing or deleting data. It then introduces the idea of a Data Principal as the individual to whom the data relates, for example an employee, customer, candidate or vendor contact. A Data Fiduciary is explained as the organisation that decides why and how personal data is processed, such as the employer or company. The role of a Data Processor is described as a third party that processes personal data on behalf of the Data Fiduciary under a contract, such as a payroll vendor or cloud service provider. The topic uses practical scenarios to help learners identify which role applies to whom in common situations, avoiding legal jargon while staying consistent with the Act’s definitions.

Show more

This topic introduces the idea of personal data and explains how almost every activity in a corporate environment generates data about individuals, such as employees, customers and vendors. It uses simple workplace examples to show how data is collected through HR systems, attendance tools, emails, websites, apps and customer interactions....

This topic introduces the idea of personal data and explains how almost every activity in a corporate environment generates data about individuals, such as employees, customers and vendors. It uses simple workplace examples to show how data is collected through HR systems, attendance tools, emails, websites, apps and customer interactions. The topic then discusses the potential harms from data misuse or leaks, including identity theft, financial fraud, reputational damage, discrimination and loss of customer trust. It connects these risks to business impacts such as regulatory penalties, lawsuits, loss of market reputation and disruption of operations. Global trends are briefly introduced, including headline data breaches and the rise of privacy laws worldwide, to show that privacy is now a core governance and risk issue rather than a purely technical concern. By the end, learners understand why privacy is relevant to their own role, regardless of department, and why simply ‘following orders’ is not enough if those orders conflict with legal or ethical data handling standards.

Show more

This topic provides a plain-language overview of the Digital Personal Data Protection Act, 2023. It explains the stated objectives of the Act, including protecting the rights of individuals (Data Principals) and establishing obligations for organisations (Data Fiduciaries) that process digital personal data. The topic walks through the main building blocks...

This topic provides a plain-language overview of the Digital Personal Data Protection Act, 2023. It explains the stated objectives of the Act, including protecting the rights of individuals (Data Principals) and establishing obligations for organisations (Data Fiduciaries) that process digital personal data. The topic walks through the main building blocks of the Act: scope and application, lawful processing of personal data, rights and duties of Data Principals, obligations of Data Fiduciaries and Significant Data Fiduciaries, special rules for children, cross-border transfers, the Data Protection Board of India, penalties and enforcement. Without going into section numbers, the topic highlights recurring themes such as consent, legitimate uses, transparency, data minimisation, accuracy, security safeguards, retention, accountability and grievance redressal. By the end, learners have a mental map of the law so that later detailed topics can be easily placed in context.

Show more