Reorganize brain: projects/ top level, rename filenames, update homepage
- Moved everything from ideas/passepartout/ to projects/passepartout/ - Moved legal structures to projects/flags/ - Created missing _index.org files for all subdirectories - Stripped redundant passepartout- prefix from filenames - Rewrote root _index.org as generalized brain index (projects + concepts) - Updated Hugo nav to Projects/Concepts - Updated build script section descriptions - Deleted stale ideas/passepartout-economics.md orphan
This commit is contained in:
Hermes
32
projects/passepartout/strategy/compliance/dpdp-act.org
Normal file
32
projects/passepartout/strategy/compliance/dpdp-act.org
Normal file
@@ -0,0 +1,32 @@
|
||||
:PROPERTIES:
|
||||
:ID: fed19a24-ad81-4837-a12b-dafbd3ec110a
|
||||
:ID: auto-dpdp-act
|
||||
:CREATED: [2026-05-23 Sat]
|
||||
:END:
|
||||
#+title: DPDP Act (Digital Personal Data Protection Act — India)
|
||||
#+filetags: :passepartout:compliance:framework:dpdp:
|
||||
|
||||
|
||||
India's first comprehensive federal privacy law (enacted August 2023, rules
|
||||
drafting in progress, enforcement expected 2026-2027). Key features: consent
|
||||
for personal data processing, data processor obligations, data principal rights
|
||||
(right to access, correction, erasure, grievance redressal), Data Protection
|
||||
Board of India (DPBI) enforcement, significant penalties, exempted government
|
||||
processing for sovereignty/national security.
|
||||
|
||||
Penalties: Up to 250 Cr INR (~$30M) per breach. Data fiduciary bears primary
|
||||
responsibility regardless of processor fault.
|
||||
|
||||
Who must comply: Any organization processing personal data of Indian residents,
|
||||
where the data is collected in India or used to profile Indian residents.
|
||||
Offshore data processors are in scope.
|
||||
|
||||
Why it matters: DPDP is a greenfield privacy regime — India had no comprehensive
|
||||
privacy law before 2023. The rules (implementation details) are being drafted
|
||||
now. This is the widest first-mover window in the global privacy landscape:
|
||||
organizations need compliance tooling that doesn't exist yet. The gate stack's
|
||||
consent-managed data access model maps directly to DPDP's consent framework.
|
||||
A DPDP gate package at $30K/yr (discounted for India market) captures a market
|
||||
of hundreds of thousands of businesses with no incumbent vendor.
|
||||
|
||||
Part of the [[id:e4a7b3d2-1c9f-4b6e-8a2d-5f3c7e1b9a0c][compliance framework index]].
|
||||
Reference in New Issue
Block a user