We are excited to share with you the insights from our recent webinar on the Digital Personal Data Protection Act, 2023 as part of the Resurgent India Knowledge Series, hosted by Resurgent India. In this webinar, our distinguished speakers delved into the fundamental aspects of the act, its implications for businesses and individuals, and its alignment with existing laws.
Sumit Kochar, TEP (Partner – Dolce Vita Advisors) During the webinar, Mr. Sumit Kochar provided a comprehensive overview of the act’s key provisions, particularly focusing on the grounds for processing personal data. He highlighted that personal data encompasses any information related to an identified or identifiable individual. For the processing of such data, he emphasized the need to fulfill specific tests, including compliance with the Act, lawful purpose, and obtaining consent unless for legitimate uses. Mr. Kochar shed light on the varied legitimate uses, from medical emergencies to employment-related purposes, where consent might not be explicitly required.
Shivam Gera (Principal Associate – Dolce Vita Advisors) Mr. Shivam Gera took a deep dive into the rights of data principals and the evolution from the current SPDI Rules to the enhanced rights provided by the Act. He emphasized that data principals entrust their personal information to data fiduciaries with the expectation of responsible use. The Act introduces various rights for data principals, including access, correction, erasure, grievance redressal, and the ability to nominate a data handler. These rights grant individuals greater control and transparency over their personal data.
Mr. Kochar further explored the nuances of consent and lawful processing. He discussed how legitimate use is established when processing data becomes necessary and outweighs potential risks to the data subject. He elaborated on scenarios where consent might not be explicitly required, such as cases where data subjects provide data voluntarily for specific purposes or where the state provides services based on prior consent. This nuanced approach empowers data principals while allowing for responsible data use.
In a comprehensive segment on data transfers, Mr. Gera highlighted the Act’s emphasis on collecting only necessary personal data for a specific purpose. He discussed the obligation for data fiduciaries to delete data when consent is withdrawn or the purpose is fulfilled.
Mr. Kochar delved into the Act’s provisions for data breach regulation, comparing it with the existing framework under the IT Act. He elaborated on the Act’s requirement for data fiduciaries and processors to notify the Data Protection Board and affected individuals in case of a data breach. The Act outlines specific penalties for various breach scenarios, ranging from breach of security safeguards to failure to notify about a breach.
We would like to express our gratitude to the speakers and participants for their valuable contributions to the webinar. Stay tuned for more insightful discussions and updates on the evolving landscape of data protection and privacy.
