31 lines
1.4 KiB
Org Mode
31 lines
1.4 KiB
Org Mode
:PROPERTIES:
|
|
:ID: auto-dpdp-act
|
|
:CREATED: [2026-05-23 Sat]
|
|
:END:
|
|
#+title:
|
|
#+filetags: :passepartout:compliance:framework:dpdp:
|
|
|
|
|
|
India's first comprehensive federal privacy law (enacted August 2023, rules
|
|
drafting in progress, enforcement expected 2026-2027). Key features: consent
|
|
for personal data processing, data processor obligations, data principal rights
|
|
(right to access, correction, erasure, grievance redressal), Data Protection
|
|
Board of India (DPBI) enforcement, significant penalties, exempted government
|
|
processing for sovereignty/national security.
|
|
|
|
Penalties: Up to 250 Cr INR (~$30M) per breach. Data fiduciary bears primary
|
|
responsibility regardless of processor fault.
|
|
|
|
Who must comply: Any organization processing personal data of Indian residents,
|
|
where the data is collected in India or used to profile Indian residents.
|
|
Offshore data processors are in scope.
|
|
|
|
Why it matters: DPDP is a greenfield privacy regime — India had no comprehensive
|
|
privacy law before 2023. The rules (implementation details) are being drafted
|
|
now. This is the widest first-mover window in the global privacy landscape:
|
|
organizations need compliance tooling that doesn't exist yet. The gate stack's
|
|
consent-managed data access model maps directly to DPDP's consent framework.
|
|
A DPDP gate package at $30K/yr (discounted for India market) captures a market
|
|
of hundreds of thousands of businesses with no incumbent vendor.
|
|
|