What is the difference between GDPR and DPDP Act?

Summary

The Digital Personal Data Protection Act applies to only digital data, while GDPR includes some offline data too.

DPDP primarily relies on Consent for data processing, whereas GDPR has a broader range of lawful bases.

DPDP places all compliance responsibility on Data Fiduciaries, in contrast to GDPR's direct obligations on Data Processors.

DPDP offers fewer individual rights compared to GDPR, which includes rights like data portability and protection against automated decision-making.

DPDP uniquely introduces 'Consent Managers' for streamlined consent management, not present in GDPR.

Breach notification is stricter under DPDP, requiring reporting of all breaches, unlike GDPR's less comprehensive requirement.

Definitions

Stakeholders

What is the difference between GDPR and DPDP Act? - illustration

The individual whose personal data is being processed is called 'Data subject' under GDPR and 'Data Principals' under DPDP Act. Both laws grant rights to these individuals over their data.

Grounds of Processing

GDPR offers a wider list of lawful bases while DPDP Act primarily relies on consent, with exceptions for state functions and emergencies.

Penalties and Enforcement

GDPR enforces penalties up to €20 million or 4% of global turnover. The DPDP Act imposes penalties up to INR 250 crores per violation. The GDPR uses decentralized enforcement via each EU country's Data Protection Authority, while DPDP uses centralized enforcement through the Data Protection Board of India.

Platform Overview

Read the Laws of eSign

See how you can execute electronic Bank Guarantees with Leegality eBG Suite

From Awareness to Action: A Roadmap for DPDP Act Compliance

Federal Bank Documentary