According to Union Minister Ashwini Vaishnaw on Saturday, the President has approved the Digital Personal Data Protection Bill that was enacted by Parliament this week.
The Digital Personal Data Protection (DPDP) law seeks to safeguard the privacy of Indian residents while imposing a maximum fine of Rs. 250 crore on organizations that fail to preserve or misuse personal digital data.
A breach of personal data must be reported to the Data Protection Board (DPB) and the user, and companies handling user data will be obligated to protect the individual’s information.
“DPDP Bill is made into a law. Received the Hon’ble President’s assent,” Vaishnaw wrote in posts on Koo and X (formerly Twitter).
On August 9, the Rajya Sabha approved the DPDP bill, which establishes a number of compliance criteria for the gathering and processing of personal data, includes rules to prevent online platforms from abusing users’ data, and carries a penalty of up to Rs. 250 crore for any data breach.
According to the DPDP law, processing of children’s data is permitted with parental agreement. The measure had been adopted by the Lok Sabha on August 7. According to IT Minister Vaishnaw’s prior statements this week, the administration anticipates putting the Act into effect in ten months.
The bill covers the processing of digital personal data in India, whether the data is initially gathered in non-digitized form and afterwards converted to digital form.
The term “personal data” is defined broadly in the law to encompass any information about a person who can be identified from or in connection with the data. The term “digital personal data” refers to personal information stored digitally.
State agencies may be exempt from the statute under DPDP, according to the government.
The Digital Personal Data Protection Bill, 2023, was created to ensure that digital personal data is processed in a way that recognizes both the need to process personal data for legitimate purposes and matters that are related to or incidental to those purposes, as well as the right of individuals to have their personal data protected.
If data fiduciaries or businesses using personal data ignore concerns from individuals, it raises the possibility of establishing a Data Protection Board of India to handle complaints from people regarding their right to privacy.
