Scribd Logo
Upload

Welcome to Scribd!

  • 56 views

    Cyber Law 6th Assignment

    Uploaded by

    parth.wadikar

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd

    Cyber Law 6th Assignment

    Uploaded by

    parth.wadikar
    56 views2 pages

    Original Title

    cyber law 6th assignment

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    56 views2 pages

    Cyber Law 6th Assignment

    Uploaded by

    parth.wadikar

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    of 2

    The Digital Personal Data Protection Act (DPDP Act), 2023, establishes a comprehensive

    framework for the processing of digital personal data in India, emphasizing the
    responsibilities of Data Fiduciaries. A Data Fiduciary is defined as any person who
    determines the purpose and means of processing personal data. The Act outlines several key
    duties that Data Fiduciaries must adhere to, ensuring the protection of individuals' personal
    data and compliance with legal standards.

    1. Compliance with Legal Provisions

    Data Fiduciaries are required to process personal data only in accordance with the provisions
    of the DPDP Act and for lawful purposes. This means they must obtain explicit consent from
    Data Principals (the individuals whose data is being processed) for the processing of their
    personal data, or rely on certain legitimate uses as defined in the Act. The concept of "lawful
    purpose" is crucial, as it restricts processing to activities that are not expressly forbidden by
    law.

    2. Notice and Transparency

    Before processing personal data, Data Fiduciaries must provide clear and comprehensive
    notices to Data Principals. This notice should inform individuals about the specific personal
    data being processed, the purpose of processing, and the rights available to them under the
    Act. This transparency is vital for ensuring that Data Principals can make informed decisions
    regarding their consent.

    3. Obtaining and Managing Consent

    Data Fiduciaries must ensure that consent from Data Principals is free, specific, informed,
    unconditional, and unambiguous. They are responsible for presenting requests for consent in
    clear and plain language, allowing Data Principals to easily understand what they are
    consenting to. Furthermore, Data Fiduciaries must provide mechanisms for Data Principals to
    manage their consent, including the ability to withdraw consent at any time.

    4. Data Security and Protection

    A significant duty of Data Fiduciaries is to implement appropriate technical and


    organizational measures to protect personal data from breaches. This includes taking
    reasonable security safeguards to prevent unauthorized access, processing, or disclosure of
    personal data. In the event of a personal data breach, Data Fiduciaries are obligated to notify
    both the Data Protection Board and the affected Data Principals promptly.

    5. Data Minimization and Purpose Limitation

    Data Fiduciaries must adhere to the principles of data minimization and purpose limitation.
    This means they should only collect personal data that is necessary for the specified purpose
    and should not retain personal data longer than necessary. Upon the withdrawal of consent or
    when the purpose of processing is no longer served, Data Fiduciaries are required to erase the
    personal data.

    6. Accountability and Record-Keeping

    Data Fiduciaries are accountable for their processing activities and must maintain records of
    processing activities. This accountability extends to ensuring that any Data Processors they
    engage to handle personal data on their behalf also comply with the provisions of the DPDP
    Act. Data Fiduciaries must ensure that contracts with Data Processors include obligations that
    mirror their own responsibilities under the Act.

    7. Rights of Data Principals

    Data Fiduciaries must respect and facilitate the rights of Data Principals, which include the
    right to access their personal data, the right to correction, and the right to erasure. They are
    required to respond to requests from Data Principals regarding their rights within a prescribed
    timeframe.

    8. Grievance Redressal Mechanism

    Data Fiduciaries must establish effective mechanisms for addressing grievances raised by
    Data Principals. This includes providing clear channels for complaints and ensuring timely
    responses to such grievances.

    Conclusion

    The DPDP Act, 2023, places significant responsibilities on Data Fiduciaries to protect
    personal data and uphold the rights of individuals. By adhering to these duties, Data
    Fiduciaries not only comply with legal requirements but also foster trust and transparency in
    their data processing activities, ultimately contributing to a safer digital environment for all
    stakeholders involved.

    You might also like