
DPDPA India: The Digital Personal Data Protection Act...

The Indian DPDPA took effect in 2024, replacing the outdated IT Act.

April 21, 2026 | 10 min read
India DPDPA, Aadhaar PAN detection, Indian privacy law, Asia Pacific compliance, data protection

India's Digital Personal Data Protection Act (DPDPA) took effect in November 2024, establishing a comprehensive privacy regime for India's 1.4 billion citizens. The new framework is significantly stricter than the previous IT Act Section 72 provisions.

DPDPA Framework Overview

The Act introduces new terminology:

Data Principal: The individual whose personal data is processed

Data Fiduciary: The entity that collects and processes personal data

Data Processor: The entity that processes data on behalf of the fiduciary

Key Compliance Requirements

Consent Mechanism:

  • Explicit consent required before processing personal data
  • Layered consent (for different purposes)
  • Separate consent for sensitive personal data
  • Consent must be recorded and easily revocable

Transparency:

  • Privacy notices before data collection
  • Clear explanation of data use
  • Disclosure of third-party data sharing

Data Minimization:

  • Collect only necessary data
  • Purpose limitation
  • Storage limitation (varies per use case)

Security Requirements:

  • Encryption of personal data
  • Access controls
  • Regular security assessments
  • Incident response procedures

Data Principal Rights

Individuals have the following rights:

Right to Access: Request a copy of their personal data

Right to Correction: Request correction of inaccurate data

Right to Erasure: Request deletion of personal data (with exceptions)

Right to Data Portability: Receive data in a portable format

Right to Withdraw Consent: Withdraw consent at any time

Indian Personal Identifiers

Aadhaar: 12-digit biometric identification number

  • Assigned by the Unique Identification Authority of India (UIDAI)
  • Contains fingerprint, iris scans, demographic information
  • Has become the de facto national ID
  • Processing is subject to special DPDPA provisions

PAN (Permanent Account Number): 10-character taxpayer identifier

  • Issued by the Income Tax Department
  • Required for financial transactions

Voter ID: 10-digit identification number

  • Issued by the Election Commission

Driving License: Multi-digit identifier with unique state codes
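
Before DPDPA controls can be applied to these identifiers, a scanner has to find them in free text. The following Python detector is an added example, not code from the original article: it finds Aadhaar and PAN candidates and masks them. It assumes details the page does not state (Aadhaar's first digit is 2-9 and its last digit is a Verhoeff check digit; a PAN is five letters, four digits, one letter), and the function names, masking style and sample text are constructed for illustration.

```python
import re

# Verhoeff multiplication (D) and permutation (P) tables, one row per string.
D = ("0123456789 1234067895 2340178956 3401289567 4012395678 "
     "5987604321 6598710432 7659821043 8765932104 9876543210").split()
P = ("0123456789 1576283094 5803796142 8916043527 "
     "9453126870 4286573901 2793806415 7046913258").split()

# Shapes assumed from the publicly documented formats, not from the article text.
AADHAAR_RE = re.compile(r"(?<![\dA-Za-z])[2-9]\d{3}[ -]?\d{4}[ -]?\d{4}(?![\dA-Za-z])")
PAN_RE = re.compile(r"\b[A-Z]{5}\d{4}[A-Z]\b")


def verhoeff_ok(digits: str) -> bool:
    """True when the trailing check digit matches the Verhoeff checksum."""
    c = 0
    for i, ch in enumerate(reversed(digits)):
        c = int(D[c][int(P[i % 8][int(ch)])])
    return c == 0


def find_identifiers(text: str):
    """Return (kind, start, end) for every Aadhaar or PAN candidate found."""
    hits = []
    for m in AADHAAR_RE.finditer(text):
        # The checksum filters out phone numbers, order ids and other 12-digit runs.
        if verhoeff_ok(re.sub(r"\D", "", m.group())):
            hits.append(("AADHAAR", m.start(), m.end()))
    hits += [("PAN", m.start(), m.end()) for m in PAN_RE.finditer(text)]
    return sorted(hits, key=lambda h: h[1])


def redact(text: str) -> str:
    """Mask hits from right to left so earlier offsets stay valid."""
    for kind, start, end in reversed(find_identifiers(text)):
        if kind == "AADHAAR":
            # Keeping the last four digits is an assumed masking policy.
            mask = "XXXX XXXX " + re.sub(r"\D", "", text[start:end])[-4:]
        else:
            mask = "[PAN]"
        text = text[:start] + mask + text[end:]
    return text


# Constructed sample: a checksum-valid Aadhaar-shaped number, a 12-digit
# order id that fails the checksum, and a PAN-shaped string.
SAMPLE = "KYC: Aadhaar 2341 2341 2346, order 234123412345, PAN ABCPE1234F"

if __name__ == "__main__":
    print(redact(SAMPLE))
```

The checksum step is what keeps the false-positive rate manageable: a bare 12-digit pattern would also flag the order id in the sample.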

Sensitive Personal Data Category

The DPDPA defines "sensitive personal data," which carries stricter requirements:

Health Data: Medical records, genetic information, biometric data

Financial Data: Bank account information, credit scores, transaction history

Biometric Data: Fingerprints, iris scans, facial recognition data (Aadhaar-linked)

Genetic Data: DNA profiles, hereditary information

Aadhaar Data: Any processing of an Aadhaar number

Fiduciary Obligations

Companies that process Indian personal data must:

Maintain Consent Records: Documented proof that consent was obtained

Implement Privacy by Design: Built-in data protection in systems

Conduct Data Protection Impact Assessments: For risky processing

Appoint a Data Protection Officer: For high-volume processing (thresholds TBD via rules)

Report Data Breaches: Notify authorities and principals within the required timeframe

Compliance Timeline

Phase 1 (November 2024 - March 2025): Initial implementation phase with a transition period for existing systems

Phase 2 (April 2025 onwards): Full compliance requirements effective

Enforcement Authority

The Data Protection Board (yet to be established) will enforce the DPDPA through:

Complaints: Data principals can file formal complaints

Investigations: Proactive investigations of violations

Penalties: Up to ₹500 crore (approximately €55 million) for serious violations

Technical Implementation Challenges

Scale: India's massive population (1.4 billion) requires scalable solutions

Aadhaar Integration: The unique complexity of Aadhaar-linked transactions

Infrastructure Readiness: Many Indian organizations need significant upgrades

Skill Gaps: Limited data protection expertise in many organizations

Business Impact

The DPDPA significantly affects:

  • Tech platforms (Google, Meta, ByteDance operating in India)
  • E-commerce businesses
  • Financial services
  • Healthcare providers
  • Government services

Compliance requires substantial investment in technical infrastructure and organizational processes.
