DPDP Consultants Privacyium Tech Pvt. Ltd. 4th floor, GM IT Park, Plot no 32-33, Sector 142, Noida, Uttar Pradesh 201305
Our Locations
Copyright 2024 © DPDP Consultants, A Privacyium Tech Pvt. Ltd. Company
DPDP Consultants, your trusted partner in ensuring Digital Personal Data Protection (DPDP Act 2023) compliance for businesses in India.
Understand the criteria for ‘legitimate use’ under the DPDP Act and its implications for businesses handling personal data.
The Digital Personal Data Protection Act 2023, has arrived after several revisions, signifying a new era that requires stronger protection of digital personal data. This act brings a fresh approach to safeguarding digital personal data.
The DPDPA requires organisations that handle personal data to protect individuals’ privacy and practice responsible data management.
One of the main topics of debate arising from India’s data protection law is the uncertainty around what constitutes ‘legitimate uses’ for data processing.
Section 4 of the Digital Personal Data Protection Act states that personal data can only be processed for a lawful purpose. This can be done
Although the term ‘legitimate use’ is not defined, the Act guides us through scenarios that can be considered as legitimate uses. Let’s explore these as outlined in the act.
The law states the example of an Individual purchasing something from a pharmacy and providing their personal data to accept and acknowledge their payment. So the pharmacy can process their personal data for the purpose of sending the receipt. This is a lawful way of handling and processing personal data under the provisions of the DPDP Act, 2023.
The law gives an example of a pregnant woman signing up on an app or website to get government maternity benefits. By consenting to share her personal data for this purpose, she allows the government to process her data to check if she’s eligible for any other benefits.
This clause states that The data of an individual can be processed by the government or any of its agencies to fulfil their legal duties in India or to protect the country’s sovereignty, integrity, or security.
A person’s data can be processed to fulfil any legal requirement in India that obligates someone to share information with the government or its agencies. However, this processing must comply with the rules for disclosing such information according to other existing laws.
An individual’s data can be processed to comply with any legal judgement, decree, or order in India or any judgement or order related to contractual or civil claims under laws outside India.
A healthcare provider at a university health centre could share a client’s health information with their family or doctor if they believed it was necessary to prevent life threatening situation.
In case of a toxic discharge, if a fire department believes it’s in the public’s interest and there’s a serious environmental, health, or safety concern, they can disclose information to help identify the source of the discharge and prevent impact to individual.
After a disaster like a tsunami authorities can obtain dental records (and DNA samples) of missing loved ones, to be compared with those of unidentified casualties at the scene. Such records will be released without the consent of the individual to whom the information relates.
An employer can use personal data for work-related reasons or to protect the company from risks like corporate espionage, intellectual property theft, or dealing with classified information, even without getting permission first.
Numerous experts have noted that the clause is comparable to the concept of “deemed consent” from an earlier draft of the text, which eliminated the requirement for user consent before processing. In essence, whether or not there is a “lack of objection” to the processing of the data in question determines whether or not such use can be enforced. It adopts a stance that is in opposition to ordinary consent. use can be enforced. It adopts a stance that is in opposition to ordinary consent.
With the constantly changing legislation and growing concerns about data security, it is difficult for companies in various industries to attain and sustain compliance.
DPDP Consultants are here to preserve the integrity of your brand and foster trust, in addition to being a legal necessity. We take pride in having a group of seasoned professionals who are well-versed in the nuances of data privacy laws.
Our team has highly skilled experts with comprehensive knowledge of data protection rules in India, serving as DPDP consultants in the country.
DPDP Consultants create customised solutions for your organisation’s needs. In addition to the Readiness Review, they provide the skills, tools, and knowledge needed to comply with these regulations effectively.
Personalised strategies for your organisation to understand, manage, and reduce digital personal data risks.
Get In Touch With Us
DPDP Consultants Privacyium Tech Pvt. Ltd. 4th floor, GM IT Park, Plot no 32-33, Sector 142, Noida, Uttar Pradesh 201305
Copyright 2024 © DPDP Consultants, A Privacyium Tech Pvt. Ltd. Company