By B S Makar, Advocate
Founder – B S Makar Advocates and Solicitors
📞 *+91-9878131111* | 🌐 www.makarlaws.com
📍 Mohali, Punjab | Specializing in Cyber Law & Compliance
DPDP Act 2023: India’s Digital Privacy Revolution
India’s landmark Digital Personal Data Protection Act (DPDP) 2023 has finally arrived, transforming how personal data is handled nationwide. Whether you’re a business leader, startup founder, or concerned citizen, here’s your essential guide to navigating this game-changing law.
Key Takeaways at a Glance
✅ Applies to all digital personal data – whether collected online or digitized offline
✅ Grants Indians new privacy rights over their information
✅ Imposes heavy penalties up to ₹250 crore for violations
✅ Affects every company operating in India – including foreign businesses
✅ Creates new Data Protection Board for enforcement
Who Does the DPDP Act Apply To?
Covered Entities Include:
- Indian companies (startups to enterprises)
- Government agencies
- Foreign businesses processing Indians’ data
- Schools, hospitals, and NGOs handling personal information
Example: A US-based edtech platform with Indian users must comply, even without a local office.
7 Fundamental Rights for Individuals
- Right to Know – What data is collected and why
- Right to Correct – Fix inaccurate personal information
- Right to Delete – Remove unnecessary data
- Right to Consent – Say yes/no to data collection
- Right to Grievance – Complain to Data Protection Board
- Right to Nominate – Appoint someone to manage your data after death
- Right to Portability – Get your data in usable format
Real Impact: You can now demand companies delete your old shopping history or correct wrong credit information.
Business Compliance Checklist
All Companies Must:
✔ Redesign consent forms (“clear & affirmative”)
✔ Appoint grievance officer
✔ Implement data security measures
✔ Notify breaches within 72 hours
✔ Maintain accurate records
Additional Rules for Large Companies (SDFs):
- Hire Data Protection Officer
- Conduct annual audits
- Complete impact assessments
Penalty Alert: Failing to protect children’s data can cost ₹200 crore!
Global Comparison: DPDP vs GDPR vs CCPA
| Feature | India (DPDP) | EU (GDPR) | California (CCPA) |
|---|---|---|---|
| Consent Required? | Yes | Yes | Opt-out |
| Child Protection | <18 years | <16 years | <16 years |
| Max Fine | ₹250 Cr | €20M/4% revenue | $7,500/violation |
| Data Transfer | Allowed except restricted countries | Restricted | No limits |
Critical Deadlines & Next Steps
For Businesses:
- Audit current data practices
- Update privacy policies by early 2024
- Train staff on new requirements
- Implement consent management systems
For Individuals:
- Review privacy settings on all apps
- Exercise new rights to access/correct data
- Report violations to [Data Protection Board]
How We Help Clients Navigate DPDP
Our legal team provides:
🔹 Compliance Audits – Gap analysis for your business
🔹 Policy Drafting – Privacy notices, consent forms
🔹 Breach Response – 72-hour notification support
🔹 DPO Services – Interim data protection officers
🔹 Litigation Support – Representing before Data Board
Recent Case: Helped a Punjab healthcare startup avoid ₹50L penalties by restructuring their patient data processes.
Don’t Risk Non-Compliance!
The DPDP Act brings teeth to India’s privacy laws with severe consequences for violations. Whether you’re:
- A startup collecting customer emails
- An school managing student records
- An NRI with data in Indian systems
Protect yourself now.
📞 Get DPDP Compliance Advice Today
B S Makar, Advocate
📍 669, Sector 64, Mohali
📞 *+91-9878131111*
🌐 www.makarlaws.com
Your data matters. Secure it right. 🔒
