What is Digital Personal Data Protection Act?? - TONTUF Money

The Digital Personal Data Protection Act, 2023 (PDPA) is a law that was passed by the Indian Parliament on August 9, 2023. The PDPA is designed to protect the privacy of individuals' personal data that is processed by organizations in India.

The PDPA defines personal data as any information that can be used to identify an individual, such as their name, address, phone number, email address, and financial information. The PDPA also defines sensitive personal data as personal data that is about an individual's race, religion, caste, sex, health, or biometrics.

The PDPA gives individuals a number of rights with respect to their personal data, including the right to:

• Know what personal data is being collected about them and how it is being used.
• Rectify or erase inaccurate or incomplete personal data.
• Object to the processing of their personal data.
• Port their personal data to another organization.
• File a complaint with the Data Protection Authority (DPA).

The PDPA also imposes a number of obligations on organizations that process personal data, including the obligation to:

• Obtain consent from individuals before collecting their personal data.
• Use personal data only for the purposes for which it was collected.
• Keep personal data secure.
• Delete personal data when it is no longer needed.

The PDPA is a comprehensive law that is designed to protect the privacy of individuals' personal data. The PDPA is expected to have a significant impact on the way that organizations collect, use, and store personal data in India.

Here are some of the key features of the PDPA:

• It applies to all organizations that process personal data of individuals located in India, regardless of whether the organization is located in India or not.
• It gives individuals a number of rights with respect to their personal data, including the right to know, rectify, erase, object, port, and complain.
• It imposes a number of obligations on organizations that process personal data, including the obligation to obtain consent, use personal data only for the purposes for which it was collected, keep personal data secure, and delete personal data when it is no longer needed.
• It establishes the Data Protection Authority (DPA), which is responsible for enforcing the PDPA.

The PDPA is a significant step forward for data protection in India. It is expected to have a positive impact on the way that organizations collect, use, and store personal data in India.