Glossary
DPDPA, which stands for the Digital Personal Data Protection Act, 2023, is India's groundbreaking law to protect the digital personal data of its citizens. The Act was passed by the Indian Parliament in August 2023, and is an important milestone in building a framework for regulating the use of personal information and how organizations handle it in an increasingly digital Indian economy. DPDPA aims to help individuals exert more control over their data and make it clear which organizational party is responsible for the collection, processing, and storage of their data when it is shared in an online situation.
DPDPA essentially provides a framework for India, in much the same way as GDPR or HIPAA provide frameworks in other parts of the world. The law addresses the inherent realities in a nation that is rapidly digitizing, where large amounts of personal data are being created and exchanged on a daily basis. The law's main goal is to create a safe and secure digital environment for all concerned.
Key Principles and Rights of Individuals Under DPDPA
DPDPA is premised on a few key principles (for anyone using or handling data - called 'Data Fiduciaries' and 'Data Processors') and provides rights to individuals (called 'Data Principals') in relation to their digital personal data:
Key Principles (for organizations):
Lawfulness of Processing: Personal data shall be processed lawfully, fairly, and in a transparent manner, only for a specific, clear, and lawful purpose.
Purpose Limitation: Organizations should only use the data for the purpose it was collected for.
Data Minimization: Collect only that personal data which is necessary for the identified purpose.
Accuracy: The organization must make sure it is maintaining accurate and up-to-date personal data.
Storage Limitation: The organization must not retain personal data for longer than necessary for the specified purpose. [Completed the sentence based on common data protection principles and similar context in previous glossaries.]
Appropriate Security Controls: Entities must establish appropriate security controls to mitigate a personal data breach.
Accountability: Data Fiduciaries are accountable for adhering to the terms of the Act, and they must be able to demonstrate they complied with DPDPA.
Individual Rights (for 'Data Principal'):
Right to Know: Individuals have the right to know information about their personal data and how this data is being processed.
Right to Correction and Deletion: Individuals can ask for their data to be corrected if it is inaccurate, and in some cases, even have their data deleted upon request.
Right to Redressal: Individuals may seek redressal for their complaints about personal data.
Right to Nominate: Individuals may nominate another individual to exercise their rights upon death or incapacity.
Why Compliance with the DPDPA is Important for companies in India
The DPDPA is critical legislation for any business with a global footprint that will engage with Indian consumers because the DPDPA has broad territorial applicability. Not only does it apply to entities located within India, but it also applies to entities located outside India if they process the digital personal data of 'Data Principals' located within India.
Here is why proper DPDPA compliance is even more important for organizations that operate today:
Protects Individual Privacy: DPDPA primarily relies on the notion of giving Indian citizens more control and agency over how their personal digital data is used and shared, which ultimately leads to trust in the digital ecosystem.
Mandates Strong Data Security: The Act explicitly mandates that Data Fiduciaries must "implement reasonable security safeguards" to protect personal data from breaches. This means that data fiduciaries are required to adopt strong IT controls such as strong Identity and Access Management (IAM), Privileged Access Management (PAM), encryption, audit logging, and periodic security audits or security assessments that encompass the specific requirement to protect sensitive information.
Broad Applicability: DPDPA is broad and applies to numerous persons whether as governmental agencies, corporations or even individuals (in certain contexts). Its extraterritorial applicability means all legitimate entities regardless of where they processed data of people from India must comply.
Requires Consent and Transparency: The Act emphasizes the need to obtain clear, understandable, and informed consent from individuals before processing their data, along with the need to provide transparent information on what processing is being done with their data.
Enforces Accountability: Data Fiduciaries are accountable for their processing activities and must show proof of compliance, fostering an ethical culture of responsibility in their handling of data.
Avoids Heavy Penalties: Potentially, a violation of DPDPA risks heavy financial penalties which could result in a loss of potentially up to ₹250 Crores (~30 million USD) in fines for a serious breach. In addition, there is the further reputational damage of violating the law.
Drives Better Data Governance: To demonstrate compliance with DPDPA, organizations will need to know what digital personal data they own, where it is stored, what people it is shared with, where the data is processed, and the means for its eventual deletion. This triggers better data governance practices like no one has seen before.
Fosters a Trusted Digital Economy: The intention of the DPDPA is to provide clear rules and protections so all of India and not just its marketplaces can benefit from a safer, more dependable digital economy, and ultimately support digital innovation for the economy while upholding individual rights.
ReShield offers an identity security platform that is directly correlated with the Digital Personal Data Protection Act (DPDPA) principles and requirements. Its unified approach for Identity and Access Management (IAM), Privileged Access Management (PAM), Identity Governance and Administration (IGA), and Identity Security Posture Management (ISPM) capabilities allows organizations to meet DPDPA requirements. ReShield affords organizations strong security controls like Least Privilege Access (LPA); identity lifecycle management for humans and machines; enforced Separation of Duties (SoD); strong audit trails; and continuous absolute visibility over all logical digital personal data access. Overall, ReShield removes the frictions in complying with the DPDPA and strongly protects individual privacy and mitigates compliance risks.
![](data:image/svg+xml,<svg aria-label="Vector" display="block" role="presentation" viewBox="0 0 66 13" xmlns="http://www.w3.org/2000/svg"><g d="M 9.6 0 L 6.4 0 C 6.179 0 6 0.179 6 0.4 L 6 12.174 C 6 12.327 6.088 12.467 6.226 12.534 C 6.364 12.601 6.528 12.583 6.648 12.488 L 9.848 9.961 C 9.944 9.885 10 9.77 10 9.648 L 10 0.4 C 10 0.179 9.821 0 9.6 0 Z M 4 1.889 C 4 1.398 4.398 1 4.889 1 C 4.95 1 5 1.05 5 1.111 L 5 11.111 C 5 11.602 4.602 12 4.111 12 C 4.05 12 4 11.95 4 11.889 Z M 2 3.889 C 2 3.398 2.398 3 2.889 3 C 2.95 3 3 3.05 3 3.111 L 3 10.111 C 3 10.602 2.602 11 2.111 11 C 2.05 11 2 10.95 2 10.889 Z M 0 5.889 C 0 5.398 0.398 5 0.889 5 C 0.95 5 1 5.05 1 5.111 L 1 8.111 C 1 8.602 0.602 9 0.111 9 C 0.05 9 0 8.95 0 8.889 Z M 15.78 6.036 L 15.78 9.849 L 14 9.849 L 14 0 L 17.993 0 C 20.219 0 21.611 1.029 21.611 3.018 C 21.611 4.568 20.748 5.556 19.287 5.898 L 21.861 9.849 L 19.83 9.849 L 17.395 6.036 Z M 15.78 4.526 L 17.896 4.526 C 19.176 4.526 19.858 3.978 19.858 3.018 C 19.858 2.044 19.176 1.508 17.896 1.508 L 15.78 1.508 L 15.78 4.527 Z M 25.973 10 C 23.886 10 22.425 8.477 22.425 6.255 C 22.425 4.143 23.872 2.51 25.904 2.51 C 28.018 2.51 29.145 4.088 29.145 6.063 L 29.145 6.612 L 24.025 6.612 C 24.151 7.846 24.902 8.601 25.973 8.601 C 26.794 8.601 27.448 8.189 27.671 7.449 L 29.104 7.984 C 28.589 9.246 27.434 10 25.974 10 Z M 25.89 3.896 C 25.027 3.896 24.36 4.403 24.109 5.377 L 27.462 5.377 C 27.448 4.582 26.947 3.896 25.89 3.896 Z M 29.633 8.477 L 30.885 7.49 C 31.316 8.19 32.151 8.656 33 8.656 C 33.71 8.656 34.363 8.409 34.363 7.764 C 34.363 7.147 33.751 7.078 32.596 6.845 C 31.442 6.612 30.12 6.324 30.12 4.787 C 30.12 3.471 31.289 2.51 32.972 2.51 C 34.252 2.51 35.393 3.073 35.922 3.868 L 34.795 4.87 C 34.377 4.225 33.682 3.855 32.875 3.855 C 32.193 3.855 31.748 4.156 31.748 4.636 C 31.748 5.158 32.276 5.254 33.195 5.446 C 34.433 5.706 35.991 5.967 35.991 7.613 C 35.991 9.067 34.641 10 32.986 10 C 31.636 10 30.286 9.465 29.633 8.477 Z M 37.273 9.85 L 37.273 0 L 38.943 0 L 38.943 3.416 C 39.446 2.828 40.186 2.496 40.96 2.51 C 42.49 2.51 43.409 3.553 43.409 5.103 L 43.409 9.849 L 41.739 9.849 L 41.739 5.583 C 41.739 4.691 41.378 4.047 40.459 4.047 C 39.708 4.047 38.943 4.595 38.943 5.624 L 38.943 9.85 Z M 45.085 1.687 L 45.085 0 L 46.81 0 L 46.81 1.687 Z M 46.783 2.647 L 46.783 9.85 L 45.113 9.85 L 45.113 2.647 Z M 51.626 10 C 49.539 10 48.078 8.477 48.078 6.255 C 48.078 4.143 49.525 2.51 51.556 2.51 C 53.671 2.51 54.798 4.088 54.798 6.063 L 54.798 6.612 L 49.678 6.612 C 49.803 7.846 50.554 8.601 51.626 8.601 C 52.446 8.601 53.1 8.189 53.323 7.449 L 54.756 7.984 C 54.241 9.246 53.086 10 51.626 10 Z M 51.542 3.896 C 50.68 3.896 50.012 4.403 49.762 5.377 L 53.114 5.377 C 53.1 4.582 52.6 3.896 51.542 3.896 Z M 57.72 0 L 57.72 9.85 L 56.05 9.85 L 56.05 0 Z M 62.23 10 C 60.184 10 59.016 8.299 59.016 6.255 C 59.016 4.211 60.184 2.51 62.23 2.51 C 63.176 2.51 63.871 2.88 64.33 3.416 L 64.33 0 L 66 0 L 66 9.85 L 64.33 9.85 L 64.33 9.095 C 63.871 9.63 63.176 10 62.23 10 Z M 64.372 6.05 C 64.372 4.691 63.593 3.95 62.563 3.95 C 61.353 3.95 60.699 4.883 60.699 6.255 C 60.699 7.627 61.353 8.56 62.563 8.56 C 63.593 8.56 64.373 7.805 64.373 6.475 L 64.373 6.049 Z" fill="transparent" height="12.574162748448197px" id="QLfKMvzoW" width="65.99999884033204px"><path d="M 3.6 0 L 0.4 0 C 0.179 0 0 0.179 0 0.4 L 0 12.174 C 0 12.327 0.088 12.467 0.226 12.534 C 0.364 12.601 0.528 12.583 0.648 12.488 L 3.848 9.961 C 3.944 9.885 4 9.77 4 9.648 L 4 0.4 C 4 0.179 3.821 0 3.6 0 Z" fill="rgb(0, 117, 255)" height="12.57416274844826px" id="eDniqsBDd" transform="translate(6 0)" width="4px"/><path d="M 0 0.889 C 0 0.398 0.398 0 0.889 0 C 0.95 0 1 0.05 1 0.111 L 1 10.111 C 1 10.602 0.602 11 0.111 11 C 0.05 11 0 10.95 0 10.889 Z" fill="rgb(0, 200, 255)" height="11px" id="vpxu5xc_q" transform="translate(4 1)" width="1px"/><path d="M 0 0.889 C 0 0.398 0.398 0 0.889 0 C 0.95 0 1 0.05 1 0.111 L 1 7.111 C 1 7.602 0.602 8 0.111 8 C 0.05 8 0 7.95 0 7.889 Z" fill="rgb(0, 117, 255)" height="8px" id="zrDMDG6rG" transform="translate(2 3)" width="1px"/><path d="M 0 0.889 C 0 0.398 0.398 0 0.889 0 C 0.95 0 1 0.05 1 0.111 L 1 3.111 C 1 3.602 0.602 4 0.111 4 C 0.05 4 0 3.95 0 3.889 Z" fill="rgb(0, 200, 255)" height="4px" id="k04AzW6af" transform="translate(0 5)" width="1px"/><path d="M 1.78 6.036 L 1.78 9.849 L 0 9.849 L 0 0 L 3.993 0 C 6.219 0 7.611 1.029 7.611 3.018 C 7.611 4.568 6.748 5.556 5.287 5.898 L 7.861 9.849 L 5.83 9.849 L 3.395 6.036 Z M 1.78 4.526 L 3.896 4.526 C 5.176 4.526 5.858 3.978 5.858 3.018 C 5.858 2.044 5.176 1.508 3.896 1.508 L 1.78 1.508 L 1.78 4.527 Z M 11.973 10 C 9.886 10 8.425 8.477 8.425 6.255 C 8.425 4.143 9.872 2.51 11.904 2.51 C 14.018 2.51 15.145 4.088 15.145 6.063 L 15.145 6.612 L 10.025 6.612 C 10.151 7.846 10.902 8.601 11.973 8.601 C 12.794 8.601 13.448 8.189 13.671 7.449 L 15.104 7.984 C 14.589 9.246 13.434 10 11.974 10 Z M 11.89 3.896 C 11.027 3.896 10.36 4.403 10.109 5.377 L 13.462 5.377 C 13.448 4.582 12.947 3.896 11.89 3.896 Z M 15.633 8.477 L 16.885 7.49 C 17.316 8.19 18.151 8.656 19 8.656 C 19.71 8.656 20.363 8.409 20.363 7.764 C 20.363 7.147 19.751 7.078 18.596 6.845 C 17.442 6.612 16.12 6.324 16.12 4.787 C 16.12 3.471 17.289 2.51 18.972 2.51 C 20.252 2.51 21.393 3.073 21.922 3.868 L 20.795 4.87 C 20.377 4.225 19.682 3.855 18.875 3.855 C 18.193 3.855 17.748 4.156 17.748 4.636 C 17.748 5.158 18.276 5.254 19.195 5.446 C 20.433 5.706 21.991 5.967 21.991 7.613 C 21.991 9.067 20.641 10 18.986 10 C 17.636 10 16.286 9.465 15.633 8.477 Z M 23.273 9.85 L 23.273 0 L 24.943 0 L 24.943 3.416 C 25.446 2.828 26.186 2.496 26.96 2.51 C 28.49 2.51 29.409 3.553 29.409 5.103 L 29.409 9.849 L 27.739 9.849 L 27.739 5.583 C 27.739 4.691 27.378 4.047 26.459 4.047 C 25.708 4.047 24.943 4.595 24.943 5.624 L 24.943 9.85 Z M 31.085 1.687 L 31.085 0 L 32.81 0 L 32.81 1.687 Z M 32.783 2.647 L 32.783 9.85 L 31.113 9.85 L 31.113 2.647 Z M 37.626 10 C 35.539 10 34.078 8.477 34.078 6.255 C 34.078 4.143 35.525 2.51 37.556 2.51 C 39.671 2.51 40.798 4.088 40.798 6.063 L 40.798 6.612 L 35.678 6.612 C 35.803 7.846 36.554 8.601 37.626 8.601 C 38.446 8.601 39.1 8.189 39.323 7.449 L 40.756 7.984 C 40.241 9.246 39.086 10 37.626 10 Z M 37.542 3.896 C 36.68 3.896 36.012 4.403 35.762 5.377 L 39.114 5.377 C 39.1 4.582 38.6 3.896 37.542 3.896 Z M 43.72 0 L 43.72 9.85 L 42.05 9.85 L 42.05 0 Z M 48.23 10 C 46.184 10 45.016 8.299 45.016 6.255 C 45.016 4.211 46.184 2.51 48.23 2.51 C 49.176 2.51 49.871 2.88 50.33 3.416 L 50.33 0 L 52 0 L 52 9.85 L 50.33 9.85 L 50.33 9.095 C 49.871 9.63 49.176 10 48.23 10 Z M 50.372 6.05 C 50.372 4.691 49.593 3.95 48.563 3.95 C 47.353 3.95 46.699 4.883 46.699 6.255 C 46.699 7.627 47.353 8.56 48.563 8.56 C 49.593 8.56 50.373 7.805 50.373 6.475 L 50.373 6.049 Z" fill="rgb(255, 255, 255)" height="10px" id="uSPVddIXO" transform="translate(14 0)" width="51.99999884033203px"/></g></svg>)
