DPDPA 2023 Services

Digital Personal Data Protection Act 2023

Applicability of the Act

  1. Collection and processing of personal data in a digital form/digitized format.
  2. Personal data collected in a non-digitized format but later digitized.

Territorial scope

Applies to: All organizations based in India and to all organizations offering goods or services to data principals within the territory of India.

Does not apply to:
  1. Processing for domestic or personal purposes by individuals
  2. Personal data made publicly available

Get in Touch

Contact us to become DPDPA 2023 Compliant

Address

Mumbai, India

Phone

+91 98337 67114

Competitive Pricing

Rs 50,000+

How Riskpro can help?

Riskpro has a strong team of experienced and certified data privacy and protection professionals with in-depth industry and technical knowledge.

Riskpro can assist you with the following services relating to India’s Personal Data Protection DPDP Act 2023:

Gap Assessments

Conduct a data privacy/protection gap assessment to highlight gaps or lapses in your framework/policies/processes and suggest an effective data privacy management mitigation plan based on relevant industry best practices for closing those gaps.

Establishing Data Privacy Framework

Define a data protection governance framework by setting up data inventories, privacy policies, controls, risk assessments, and consent forms compliant with the Digital Personal Data Protection Act 2023. Riskpro can also help you implement the framework/policies/processes on time and systematically.

Third-Party Risk Assessments

If you have any third parties who handle processes wherein personal data may be involved, Riskpro can conduct a risk assessment to give you clarity/ assurance regarding the level of adherence to the DPDP Act by your third parties. Riskpro can also suggest putting a plan in place so that potential personal data breaches by third parties are identified and rectified on a timely basis.

Implement/ Review Regulatory Updates

Define procedures and processes to ensure any Act changes or updates are identified, incorporated within the company policies, and implemented accordingly. Riskpro can also conduct policy reviews to ensure the latest regulatory updates are reflected therein.

Compliance Audits

If you already have a data protection/privacy framework and policy/procedures defined, Riskpro can conduct a compliance audit to ensure the processes are working effectively and the controls/ framework defined is adequate and in accordance with the requirements of the DPDP Act.

Training to staff

Riskpro can conduct online or in-person training to relevant staff regarding the regulatory requirements of the Digital Personal Data Protection Act 2023 and their duties while handling or processing personal data to ensure compliance with the Act. 

To know more, contact us at info@riskpro.in

Why choose Riskpro for DPDPA Compliance Services?

Better Compliance helps in mitigating Data Breaches - The Way Forward
  • Be aware of the rules and regulations set forth by the law.
  • Create a thorough data inventory.
  • Implement a consent management system.
  • Conduct a Data Protection Impact Assessment.
  • Implement reasonable organizational and technical security measures based on the obligations and the risks.
  • Identify the gaps via periodic internal audits and evaluations.
  • Implement a system to respond to requests relating to data principal rights.
  • Make sure that contracts with data processors are up to date.
  • Monitor modifications to The Digital Personal Data Protection Act.

Phases in DPDPA 2023 Compliance

Riskpro Experience

We've 12+ years of experience in privacy & compliance.

50+ Privacy Reviews Done

950+ Overall Clients

45+ Security Auditors

Team

Vivek Dixit

EVP – Risk Management and Governance Advisory
  • B.Com; DFM. Numerous work-related and leadership trainings in the corporate world.
  • Experienced, multifaceted, techno-functional corporate professional with 35 years in the industry. Worked in top-notch organizations, viz. Dell, Microsoft, IBM, Atos (Origin), Ingersoll-Rand, Siemens. Global judge for certification of YB and GB Six Sigma projects in Dell.
  • Associated with PMI significantly. Initially Vice President of PMI-Pearl City Chapter when it was started. Invited as a Speaker for various PMI events.

Laxmikant Gupta

Principal
  • CA, CMA, CS, FRM
  • Laxmikant has over 25 years of experience in risk management, governance, compliance, ethics, control and internal audit.
  • His experience has been across areas like operational risk, market risk, settlement risk in addition to SEBI Compliances, internal compliances, governance norms based on new Companies Act, new Insider Trading laws etc.
  • He headed risk management/compliance function for Franklin Templeton, Tata TD Waterhouse, Birla Sun Life, ICICI Venture, NCDEX. He also worked with I-Sec, A F Ferguson & Co.

Ashok K Agarwal

EVP – IT Risk Advisory
  • CISA, CRISC, ISO27001, ISO/ IEC 20000 qualified
  • Over 30 years of work experience in IT Risk Management and Assurance, including 3 years of global experience.
  • Worked in multiple banks (Punjab National Bank – Delhi, AXIS Bank, DCB Bank – Mumbai and Bank Dhofar – Muscat) heading Technology Audit.
  • As principal project assurance lead, carried out a project review of a Core Banking Solution upgrade and data migration that adopted a big bang approach.
  • Core expertise in Cyber and Cloud Security, Concurrent Audit of Data Centre and Privilege User Access review.

Rita Shewakramani

Executive Vice President – Risk Advisory Services
  • Chartered Accountant, Certified Internal Auditor (CIA) and Certified Risk Management Professional (CRMA).
  • She has more than 25 years of post-qualification experience in internal audits, risk, application reviews, operations/process/internal control reviews and fraud investigations.
  • She has worked with consulting firms like Baker Tilly Singhi Consultants Pvt Ltd, Price Waterhouse Coopers, EY, Aneja Associates and Corporates like Reliance (Internet Exchange), GE Capital, CMS Computers etc.

Manoj Jain

Founder and Director
  • CA, CPA, MBA-Finance (USA), FRM (GARP)
  • Over 10 years of international experience: 6 years in Bahrain and 4 years in the USA
  • 18 years of experience in risk management consulting and internal audits; specialization in Operational Risk, Basel II, SOX and control design
  • Worked for Ernst & Young (Bahrain), Arab Investment Company (Bahrain), Navigant Consulting (USA), Kotak Mahindra Bank (India) and Credit Suisse (India)
  • SOX compliance project for Fannie Mae, USA ($900+ Billion Mortgage Company)

FAQs
  •  What is Digital Personal Data Protection Act, 2023?

The Digital Personal Data Protection Act (DPDPA) 2023 is a comprehensive data protection legislation enacted by the Indian government. It regulates the collection, processing, storage, and transfer of personal data to protect individuals' privacy and ensure data security. The Act establishes guidelines for data handling practices, sets requirements for consent, and mandates that organizations implement robust data protection measures. It aims to enhance transparency, accountability, and control over personal data while aligning with global data protection standards.

  •  What is the applicability of the DPDPA?

The DPDPA 2023 applies in the following scenarios:
Within India: When personal data is processed in a digital format, or if it was originally collected in a non-digital format and later digitized, as long as the processing occurs within the territory of India.
Outside India: When personal data is processed outside India, but the processing is connected to offering goods or services to individuals (data principals) located within India.
In essence, the Act covers both domestic and international processing activities that relate to data principals within India.

  •  Can there be any penalty in case of non-compliance?

Yes, the DPDPA 2023 stipulates penalties for non-compliance. Organizations that fail to adhere to the requirements of the Act may face significant financial penalties. The Act outlines specific fines based on the nature and severity of the non-compliance, which can include penalties for issues such as inadequate data protection measures, failure to obtain proper consent, or not responding to data subject requests appropriately. The regulatory authority responsible for enforcing the Act will determine the exact penalties in each case.

 

  •  What is the applicability of the Act regarding personal data?

The Act applies to the collection and processing of personal data in both digitized formats and non-digitized formats. This means that if personal data is collected in a paper format and later digitized, it remains subject to the Act. The Act governs how personal data is handled, regardless of whether it is in a digital form or has been converted from a non-digitized format.

 

  • What is the territorial scope of the Act?

The Act applies to:
All organizations based in India.
All organizations offering goods or services to individuals (data principals) within India.
The Act does not apply to:
Processing of personal data by individuals for domestic or personal purposes.
Personal data that is made publicly available.
This means that while the Act covers a wide range of organizations and activities, there are exceptions for personal use and publicly available information.

 

  •  What services does Riskpro offer to help with compliance to the Digital Personal Data Protection (DPDP) Act 2023?

Riskpro provides a range of services to assist with compliance, including:
Gap Assessments: Identifying and addressing gaps in your data privacy framework.
Establishing Data Privacy Framework: Setting up and implementing compliant data protection policies and processes.
Third-Party Risk Assessments: Evaluating and managing risks associated with third-party data handling.
Implementing/Reviewing Regulatory Updates: Ensuring your policies reflect the latest regulatory changes.
Compliance Audits: Reviewing your existing framework to ensure effectiveness and adherence.
Staff Training: Providing training on regulatory requirements and compliance best practices.
For more information, visit https://www.riskpro.in/it-advisory/digital-personal-data-protection-act-2023

 

  • What are the exemptions under the DPDPA Act?

The DPDP Act does not apply to:
Personal Data for Personal Use: Data processed by individuals for their own personal or household activities is not covered by the Act.
Publicly Available Data: Data that has been made publicly available by:
  1. The individual to whom the data pertains (the data principal), or
  2. Any person or entity required by Indian law to make such data public.
These exemptions help ensure that the Act focuses on more formal data processing activities and does not interfere with personal or legally mandated public information.

 

  •   What is the Legal Basis for Processing Personal Data Under the Digital Personal Data Protection Act (DPDPA) 2023?

The Digital Personal Data Protection Act (DPDPA) 2023 stipulates that personal data can only be processed with explicit consent from users, unless there is another valid legal basis for doing so. This consent must be freely given, meaning that users should not feel any pressure or coercion to provide it. Additionally, the consent must be unconditional, implying that it cannot be made dependent on any other conditions, such as the purchase of a product or service. These requirements ensure that users’ consent is both genuine and voluntary. However, the legal basis for processing personal data is not limited to consent alone. The Act also allows for processing based on certain legitimate uses, such as the necessity of processing for contractual obligations, compliance with legal requirements, or protection of vital interests.

 

  •  Is there compensation available for individuals if their personal data is compromised under the Digital Personal Data Protection Act (DPDPA) 2023?

No, the DPDP Act does not provide for compensation to individuals if their personal data is compromised. The Act focuses on setting out rules for data protection and requires organizations to implement measures to safeguard personal data, but it does not include provisions for financial compensation to data principals.

 

  • What is the main purpose of the Digital Personal Data Protection Act (DPDPA) 2023?

The purpose of the DPDPA 2023 is to regulate the processing of digital personal data in a way that balances the rights of individuals to protect their personal information with the need for organizations to process data for legitimate purposes. The Act aims to safeguard individuals' privacy while ensuring that data processing activities are lawful and properly managed.