DPDP Consultants Privacyium Tech Pvt. Ltd. 4th floor, GM IT Park, Plot no 32-33, Sector 142, Noida, Uttar Pradesh 201305
Our Locations
Copyright 2024 © DPDP Consultants, A Privacyium Tech Pvt. Ltd. Company
DPDP Consultants, your trusted partner in ensuring Digital Personal Data Protection (DPDP Act 2023) compliance for businesses in India.
Discover the essentials of a privacy notice. Learn about its key components, and how it differs from a privacy policy.
You need to be clear and open with users about how their personal data is processed and keep them updated.
But what does that entail?
This blog will explain what a privacy notice is under the DPDP Act, how it differs from a privacy policy, and the rules that apply until the new privacy law is fully enforced.
A privacy notice is aimed at external parties like clients, customers, website visitors, authorities, and other interested entities. It explains what the company does with personal data, including the types of data handled, the legal reasons for processing it, and any personal data shared with third parties.
A privacy notice typically outlines the organisation’s personal data processing practices and tells what to expect regarding the collected personal data:
Unlike a privacy policy, which is for instructing employees of an organisation, a privacy notice informs users and customers about how their personal data is managed. Let’s dive into the details.
You must have noticed the terms “Privacy Notice” and “Privacy Policy”, often being used interchangeably by organisations. This practice is even seen in some privacy laws.
Despite this common mix-up, the International Association of Privacy Professionals (IAPP) clearly distinguishes the two. According to the IAPP, a Privacy Policy is an internal document outlining personal data protection practices for employees, while a Privacy Notice is an external document informing individuals and other stakeholders about these practices.
However, there are key differences:
Privacy Policy: This internal document outlines the roles and responsibilities of employees, the processes and procedures they must follow to handle personal data securely, and the consequences of not following these rules. In simple terms, it specifies how employees should fulfil the commitments made in the Privacy Notice.
Privacy Notice: This external document aims to be transparent about the organisation’s data processing activities for external stakeholders. It may include information on:
Furthermore, the act mandates that Data Fiduciaries provide the Privacy Notice in English and any regional language specified in the Eighth Schedule of the Constitution.
Though, the DPDP Act 2023 (Section 5) does not explicitly require Data Fiduciaries to include information on personal data retention, processing locations, legal compliance, changes to the privacy notice, and the use of consent managers, including these details is considered good industry practice for greater transparency.
Until the DPDP Act is in effect, regulations under the IT Rules will apply regardless of the enforcement. This requires organisations to publish a privacy policy that includes: This requires organisations to publish a privacy policy that includes:
Organisations often use personal data across different departments for various purposes, making manual consent management impractical.
We understand that each business faces unique challenges. That’s why we’ve created an easy-to-use consent management tool that adapts to changing personal data privacy regulations and integrates smoothly with your existing processes.
Our Data Protection Consent Management (DPCM) tool is available as a SaaS model that automates the management of personal data consent requests. It provides a robust system for tracking and handling these requests within companies.
Since the DPDP Act applies to personal data collected before August 11, 2023, the DPCM tool helps organisations manage legacy personal data by sending bulk privacy notices and consent requests.
It includes feature-rich dashboards that allow you to check compliance in real-time at various levels, helping management monitor the entire process, identify bottlenecks, and take practical steps to stay compliant.
Book A Free Consultation
We, at DPDP consultants, also provide a range of services and automation tools, giving your compliance team and management full visibility into your organisation’s compliance status.
Effortlessly manage, execute, control, and monitor your organisation’s DPDPA obligations.
DPDP Consultants Privacyium Tech Pvt. Ltd. 4th floor, GM IT Park, Plot no 32-33, Sector 142, Noida, Uttar Pradesh 201305
Copyright 2024 © DPDP Consultants, A Privacyium Tech Pvt. Ltd. Company