Last Updated: 2024-07-24 ~ Manoj Kumar ~ DPDP Consultants
Discover the rights granted to Data Principals under the DPDP Act 2023 to help you navigate through a secure and transparent digital landscape.
One of the significant milestones we witnessed in 2023 was the enactment of the DPDP Act, crafted to give individuals, or Data Principals, more control over how their personal data is shared, used, and stored.
Under the legal framework, organizations are mandated to maintain transparency, provide access, and ensure robust security measures in handling personal data. Failure to comply with these responsibilities may result in hefty penalties.
In this blog, we delve into the rights granted to Data Principals, as highlighted in Sections 11-14 of the DPDP Act.
Rights Of Data Principals Under The DPDP Act
Take a look at all your rights that fall under the DPDP Act. These rights let you take control of your personal information and protect it.
1. Right To Access Information About Personal Data
Let’s say you want to understand what an organization is doing with the data you have shared with them. You now have the Right to Access Information as outlined in the Digital Personal Data Protection Act 2023. This provision grants Data Principals (people whose data is processed by companies) the ability to request specific details about the processing of their personal data.
Under Section 11(1)(c), you can even gain a comprehensive understanding of how your data is being used and processed. This allows you to request any other information related to your personal data.
But there is an exception as stated in Section 11(2). This is when the data has been shared with another Data Fiduciary who is legally authorized to acquire such data for specific purposes like preventing, detecting, or investigating cybercrime, or for the prosecution or punishment of offences. In these specific circumstances, some of the rights mentioned in Sections 11(1)(a), 11(1)(b), and 11(1)(c) may not be fully enforceable.
It’s important to note that the exception is applicable only under specific circumstances, primarily related to cybersecurity and legal investigations.
This exception ensures a balance between individual data rights and the broader objectives of preventing and prosecuting cyber incidents or offences.
2. Right To Correction And Erasure of Personal Data
Under Section 12(1) of the DPDP Act, you have the right to make any corrections to the data if it is false, inaccurate, incomplete, misleading, or needs an update. To do this, you will have to submit a written request to the Data Fiduciary, specifying the necessary changes. The Data Fiduciary is required to promptly evaluate your correction request and implement the required changes.
Section 12(2) also offers you, as a Data Principal, the right to request the erasure of your personal data. The Data Fiduciary is obliged to fulfil this request unless there are specific reasons to retain the data, such as for a particular purpose or to comply with legal requirements.
While the Act provides the right to erasure, it acknowledges that certain conditions and exceptions may apply. These conditions and exceptions will be specified in the rules associated with the Act, providing a structure for when erasure may not be feasible or permissible.