amr/hermes-brain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cc3976fb7f792cae1423e37b6067c57efa23f288
hermes-brain/ideas/compliance/dpdp-act.org
Hermes cc3976fb7f ideas: editorial sweep — atomization, interlinking, restructuring 
- Split competitive-analysis-2026-05.org → TOC + 9 competitor files in
  ideas/competitors/. Dropped date from filename. All competitor UUIDs
  generated, TOC keeps original UUID for backlink continuity.
- Deleted passepartout-economics.org archive (replaced by 27-node KB).
- Inlined 5 'See also' blocks into natural prose (compliance-index,
  first-mover-window, revenue-table, orders-of-magnitude-time,
  native-org-knowledge-base).
- Linked 7 orphan compliance pages back to compliance index + finished
  truncated sentences.
- Linked all 14 Agora requirement docs from topic-relevant pages
  (identity→lisp-machine-security, infrastructure→compute-marketplace,
  social-space→growth-strategy, exchange→agora-contracts, etc.).
- Linked ai-industry-impact from investment-thesis, sufficiency-flip,
  verification-appliance, effects-growth-flywheel (up from 1 to 10+ pages).
- Fixed CREATED timestamps to use git commit dates instead of today.
- Made all links absolute from root (no port inheritance).
- Removed stale agora/docs/ duplicate content.
2026-05-24 16:25:55 +00:00

33 lines
1.6 KiB
Org Mode
Raw Blame History

:PROPERTIES:
:ID: fed19a24-ad81-4837-a12b-dafbd3ec110a
:ID: auto-dpdp-act
:CREATED: [2026-05-23 Sat]
:END:
#+title: DPDP Act (Digital Personal Data Protection Act — India)
#+filetags: :passepartout:compliance:framework:dpdp:
India's first comprehensive federal privacy law (enacted August 2023, rules
drafting in progress, enforcement expected 2026-2027). Key features: consent
for personal data processing, data processor obligations, data principal rights
(right to access, correction, erasure, grievance redressal), Data Protection
Board of India (DPBI) enforcement, significant penalties, exempted government
processing for sovereignty/national security.
Penalties: Up to 250 Cr INR (~$30M) per breach. Data fiduciary bears primary
responsibility regardless of processor fault.
Who must comply: Any organization processing personal data of Indian residents,
where the data is collected in India or used to profile Indian residents.
Offshore data processors are in scope.
Why it matters: DPDP is a greenfield privacy regime — India had no comprehensive
privacy law before 2023. The rules (implementation details) are being drafted
now. This is the widest first-mover window in the global privacy landscape:
organizations need compliance tooling that doesn't exist yet. The gate stack's
consent-managed data access model maps directly to DPDP's consent framework.
A DPDP gate package at $30K/yr (discounted for India market) captures a market
of hundreds of thousands of businesses with no incumbent vendor.
Part of the [[id:e4a7b3d2-1c9f-4b6e-8a2d-5f3c7e1b9a0c][compliance framework index]].
Reference in New Issue View Git Blame Copy Permalink