Tag: data privacy compliance

Data Privacy Laws and Compliance Introduction Welcome to Blessedmedia, where we bring to you topics that will help you learn more. We also try to explain things to you in a simple way, so that you don't have any difficulty. So, let's start this blog with this thought and today's topic is Cybersecurity with full information. Understanding the Digital Personal Data Protection: What You Need to Know In today’s digital world, personal data is shared almost everywhere — from booking movie tickets online to ordering popcorn at the mall. But have you ever stopped to think about how this data is processed and regulated? With the increasing reliance on digital platforms, it's essential to understand how your personal information is being handled and the laws that govern it. In this post, we explore the Digital Personal Data Protection Act, 2023 (DPDP Act), focusing on its implications for individuals, known as "data principals." Introduction to the Digital Personal Data Protection Act The Digital Personal Data Protection Act, 2023, has been making headlines lately. Numerous law firms and experts are hosting discussions and roundtables about the act, examining its pros and cons and evaluating its fit for India. This comprehensive law affects several sectors such as gaming, advertising, healthcare, and OTT platforms. However, today we will focus on just one critical aspect — the rights and responsibilities of the data principal. Who is the Data Principal? In simple terms, the data principal is any individual whose personal data is being processed. The processing of data includes activities like collecting, sharing, and utilizing the data. Importantly, this is all done digitally, and the entity processing this data is known as the data fiduciary. Data fiduciaries are organizations or individuals, such as social media platforms or employers, to whom you entrust your personal information. For instance, when you share your mobile number on social media or with your employer, these entities become data fiduciaries. How is Data Processed? Under the DPDP Act, your personal data can be processed in four primary ways: 1. Consent-Based Sharing This occurs when you voluntarily provide your data. For example, when you share your phone number while registering for an event, you’re giving consent for your data to be processed. 2. Agreement-Based Processing Many websites ask you to agree to their privacy policies before accessing their services. By clicking the “I Agree” button, you are consenting to your data being processed as outlined in their terms. 3. Employment-Related Processing In the workplace, you might provide personal details, such as your bank account information, to receive your salary. This is another way your data gets processed, as it is necessary for employment purposes. 4. Other Reasons Data may also be processed for reasons such as fulfilling governmental requirements or for medical purposes. For instance, hospitals may store your personal medical records for treatment purposes. Exemptions from Data Processing There are certain exemptions under the DPDP Act where your data does not fall under the category of being processed: 1. Personal Data Shared with Family If you share personal information with family members for personal tasks, such as booking a ticket using your father’s passport details, this does not qualify as data processing under the law. 2. Public Sharing on Social Media When you voluntarily post your personal details on public social media platforms, such information is not protected under the DPDP Act. 3. Legal Obligations Sometimes, personal data is shared due to legal requirements. For example, court judgments often contain details about the involved parties, such as addresses or occupations. This form of data sharing is legally mandated and does not fall under the data processing regulated by the Act. What Rights Do Data Principals Have? Now that we understand the basics of data processing, let's talk about the rights that data principals hold under the DPDP Act: Right to Information: You have the right to know how your personal data is being used. Right to Withdraw: If you no longer want your data to be processed, you can withdraw your consent. Grievance Redressal: If your rights are violated, you have the right to seek resolution through appropriate channels. How Can You Withdraw Your Data? If you wish to withdraw your data, the process involves two steps: 1. Contact the Data Fiduciary The first step is to reach out to the entity processing your data and request them to stop or withdraw it. 2. Approach the Data Protection Board If you are unsatisfied with the data fiduciary’s response, you can escalate the issue to the Data Protection Board. If the Board finds that your rights have been violated, they may impose significant penalties on the data fiduciary. Practical Training on Data Protection Laws For those looking to deepen their understanding of the DPDP Act and explore career opportunities in the field of data protection and privacy laws, Legal Edge Law School is offering a specialized certificate course starting on 11th October. This course, taught by industry expert Ms. Shreya Shezar, provides 15+ hours of live, interactive training. You'll also get opportunities for internships, practical assessments, and exclusive guidance on building a career in this evolving legal domain. Conclusion In summary, the DPDP Act outlines how personal data is processed, the rights you have as a data principal, and the exceptions to the rule. If you’re ever in doubt about how your data is being used or if you feel your rights are being violated, remember that you have recourse through both the data fiduciary and the Data Protection Board. If you have any questions about the DPDP Act or would like to suggest topics for future discussions, feel free to leave your thoughts in the comment section below. Thank you for reading!

footer