How insurers can comply with IRDAI’s policy signing rules
Register
Close Icon
Home
>
Blog
>
DPDP Applicability

Digital Personal Data Protection Act Applicability

February 19, 2024
Anahad Narain - Founder's Office at Leegality

Anahad Narain

Founder's Office

The Applicability of the DPDP Act

Summary

  • The Digital Personal Data Protection Act applies to digital personal data including identifiable information such as names, contact details, and financial information.
  • The Act defines 'Data Principals' (individuals to whom data pertains) and 'Data Fiduciaries' (entities processing data) with specific rights and obligations.
  • The Act is enforceable for data processed within India and in certain cases outside where it pertains to business with individuals within India.
  • There are specific scenarios where the DPDP Act's provisions are not applicable, including certain employment-related processes, legal obligations, and state functions.
  • The DPDP Act has been notified but awaits full enforcement pending the release of DPDP Rules and the establishment of the Data Protection Board.

The Digital Personal Data Protection (DPDP) Act is a game-changer in India's approach to data privacy. In this piece we cover everything about the applicability of the DPDP Act. To whom, what, where and when will the law apply?

To what does the DPDP Act apply?

The law applies to Digital Personal Data — any data about an individual who can be identified using that data, if collected digitally or digitised after physical collection.

Digital Personal Data Protection Act Applicability - illustration
The DPDP Act applies to any digital data that can be used to uniquely identify an individual

To whom does the DPDP Act apply?

To individuals and organisations that process data of Indian citizens. The DPDP Act defines two main stakeholders: Data Principals (individuals whose data is processed) and Data Fiduciaries (entities who decide the means and purpose of processing).

Where does the DPDP Act apply?

The DPDP Act applies to personal data processed within India AND data processed outside India if it pertains to business activity related to individuals within India.

Digital Personal Data Protection Act Applicability - illustration

When will the DPDP Act not apply?

Exemptions include personal/domestic use, publicly available data, exceptions to consent (employment-related processing, compliance with legal obligations, medical emergencies), and state exemptions for national security purposes.

Digital Personal Data Protection Act Applicability - illustration
Start your DPDP compliance journey now to avoid penalties as high as ₹250 Crore

Download Blog as PDF
Content

Related articles

Legal Explainer
December 5, 2023
What is DPDP Act in India?
Anahad Narain - Founder's Office at Leegality

Anahad Narain

4
min read
Legal Explainer
February 1, 2024
How to comply with DPDP Act?
Anahad Narain - Founder's Office at Leegality

Anahad Narain

6
min read
Legal Explainer
February 8, 2024
Exemptions under the DPDP Act?
Anahad Narain - Founder's Office at Leegality

Anahad Narain

8
min read

Sign up for a demo and early trial access

Customized Demo for every use case
Deep dive into your unique needs and compliance challenges
Free access to testing account
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.