gbrain: sync converted org-mode brain files
This commit is contained in:
Hermes
30
ideas/compliance/dpdp-act.org
Normal file
30
ideas/compliance/dpdp-act.org
Normal file
@@ -0,0 +1,30 @@
|
||||
:PROPERTIES:
|
||||
:ID: auto-dpdp-act
|
||||
:CREATED: [2026-05-23 Sat]
|
||||
:END:
|
||||
#+title:
|
||||
#+filetags: :passepartout:compliance:framework:dpdp:
|
||||
|
||||
|
||||
India's first comprehensive federal privacy law (enacted August 2023, rules
|
||||
drafting in progress, enforcement expected 2026-2027). Key features: consent
|
||||
for personal data processing, data processor obligations, data principal rights
|
||||
(right to access, correction, erasure, grievance redressal), Data Protection
|
||||
Board of India (DPBI) enforcement, significant penalties, exempted government
|
||||
processing for sovereignty/national security.
|
||||
|
||||
Penalties: Up to 250 Cr INR (~$30M) per breach. Data fiduciary bears primary
|
||||
responsibility regardless of processor fault.
|
||||
|
||||
Who must comply: Any organization processing personal data of Indian residents,
|
||||
where the data is collected in India or used to profile Indian residents.
|
||||
Offshore data processors are in scope.
|
||||
|
||||
Why it matters: DPDP is a greenfield privacy regime — India had no comprehensive
|
||||
privacy law before 2023. The rules (implementation details) are being drafted
|
||||
now. This is the widest first-mover window in the global privacy landscape:
|
||||
organizations need compliance tooling that doesn't exist yet. The gate stack's
|
||||
consent-managed data access model maps directly to DPDP's consent framework.
|
||||
A DPDP gate package at $30K/yr (discounted for India market) captures a market
|
||||
of hundreds of thousands of businesses with no incumbent vendor.
|
||||
|
||||
Reference in New Issue
Block a user