India's Digital Personal Data Protection Act, 2023 (DPDP Act) marks a watershed moment in the country's data protection landscape.
Understanding the DPDP Act Framework
- Lawfulness, Fairness, and Transparency
- Purpose Limitation: Data collected for specified purposes only
- Data Minimization: Collect only necessary data
Consent Management: The Cornerstone
Consent under DPDP Act must be free, specific, informed, unconditional, and unambiguous through clear affirmative action.
Penalties and Enforcement
- Data Fiduciary Violations: Up to INR 250 crores
- Failure to Implement Security: Up to INR 200 crores
