amr/hermes-brain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
348f2736a8283dd2fbd0268f729715fa6aa456e0
hermes-brain/projects/passepartout/strategy/compliance/dpdp-act.org
Hermes 0a8e77e949 Reorganize brain: projects/ top level, rename filenames, update homepage 
- Moved everything from ideas/passepartout/ to projects/passepartout/
- Moved legal structures to projects/flags/
- Created missing _index.org files for all subdirectories
- Stripped redundant passepartout- prefix from filenames
- Rewrote root _index.org as generalized brain index (projects + concepts)
- Updated Hugo nav to Projects/Concepts
- Updated build script section descriptions
- Deleted stale ideas/passepartout-economics.md orphan
2026-05-24 18:54:14 +00:00

33 lines
1.6 KiB
Org Mode
Raw Blame History

:PROPERTIES:
:ID: fed19a24-ad81-4837-a12b-dafbd3ec110a
:ID: auto-dpdp-act
:CREATED: [2026-05-23 Sat]
:END:
#+title: DPDP Act (Digital Personal Data Protection Act — India)
#+filetags: :passepartout:compliance:framework:dpdp:
India's first comprehensive federal privacy law (enacted August 2023, rules
drafting in progress, enforcement expected 2026-2027). Key features: consent
for personal data processing, data processor obligations, data principal rights
(right to access, correction, erasure, grievance redressal), Data Protection
Board of India (DPBI) enforcement, significant penalties, exempted government
processing for sovereignty/national security.
Penalties: Up to 250 Cr INR (~$30M) per breach. Data fiduciary bears primary
responsibility regardless of processor fault.
Who must comply: Any organization processing personal data of Indian residents,
where the data is collected in India or used to profile Indian residents.
Offshore data processors are in scope.
Why it matters: DPDP is a greenfield privacy regime — India had no comprehensive
privacy law before 2023. The rules (implementation details) are being drafted
now. This is the widest first-mover window in the global privacy landscape:
organizations need compliance tooling that doesn't exist yet. The gate stack's
consent-managed data access model maps directly to DPDP's consent framework.
A DPDP gate package at $30K/yr (discounted for India market) captures a market
of hundreds of thousands of businesses with no incumbent vendor.
Part of the [[id:e4a7b3d2-1c9f-4b6e-8a2d-5f3c7e1b9a0c][compliance framework index]].
Reference in New Issue View Git Blame Copy Permalink