What Are The Key Requirements in the Digital Personal Data Protection (DPDP) Bill of India? Let us understand these with Punit Bhatia in The FIT4Privacy Podcast E099

00:00:53 First requirement for digital personal data
00:03:06 Contracts with data processors
00:03:41 Security of personal data
00:03:58 Data breach notifications
00:04:34 Personal data retention
00:06:10 Contact for concerns and complaints
00:07:00 Rights and duties
00:09:28 Significant data fiduciary
00:11:14 Processing of personal data outside India
00:14:50 Penalties


In summary, these requirements include grounds for processing personal data, contracts with data processors, security of personal data, data breach notifications, personal data retention, contact for concerns and complaints, rights and duties of data principles, significant data fiduciaries, processing of personal data outside India, exemptions, the Data Protection Board of India, and penalties. The law is heavily reliant on consent, and there are additional requirements for significant data fiduciaries such as appointing a Data Protection Officer and conducting periodic Data Protection Impact Assessments. It also allows for exemptions for outsourcing contracts and provides companies with the opportunity to appeal to a tribunal before going to the judicial system. Penalties can be up to 250 crore rupees (approximately 31 million US dollars).

Please do like and comment about our podcast. And, if you wish to watch in video, subscribe to our YouTube channel    / fit4privacy