.svg)
%20(1).avif)
The DPDP Act has changed India’s data privacy landscape tremendously. While it is mandated for all businesses to comply with DPDP law and get explicit and specific consent before processing any form of personal data, it is not always the case. There are a few exceptions where data processing does not require explicit consent.
Let’s understand this in detail.
What are the exemptions under DPDP Act?
Consent Exceptions: In certain situations, data can be processed without explicit consent, like voluntary data sharing (e.g., customer emails) or employment-related processing (e.g., employee background checks), health emergencies.
General Exemptions: These apply to broad scenarios such as corporate restructuring, mergers, where processing personal data is necessary but doesn't require individual consent.
State Exemptions: Government bodies can process data without consent for state functions, national security, or public order. For instance, data can be processed for national security or emergency health responses without individual consent.
Why is knowing these exemptions important for businesses?
Knowing and understanding the DPDP exemptions, can help your business navigate complex compliance requirements. Certain sectors like BFSI, telemarketing, healthcare, and ecommerce that handle vast amounts of personal data must be especially vigilant .
Non-compliance with the provisions of the Act can lead to a penalty of upto Rs. 250 crores per violation.
Will there be exemptions in the processing of children’s data?
Yes, as per the new DPDP Draft Rules, there are certain exemptions to the processing of data for children. This includes healthcare providers, educational institutions and childcare services. These exceptions ensure that these essential services can run smoothly.
To know more, read our detailed blog on Exemption under DPDP Act