Loading...
Nature

FAQs

Frequently Asked Questions about the DPDP Act 2023

  • What is the DPDP Act?

    DPDP focuses on the privacy of the personal information of Indian citizens. Companies, whether in India or elsewhere, that deal with Indian citizen data or processes involving Indian citizen's personal information are covered under this law.

  • Is there any certification for DPDP?

    DPDP is not a certification but a compliance requirement (law), and as such, there cannot be a certification for a law.

  • Is my ISO certification enough for DPDP?

    ISO certification primarily pertains to data security and IT controls, covering only a small portion of DPDP compliance. DPDP compliance encompasses organisational and IT control and should be an integral part of business practices rather than a mere compliance activity.

  • Will DPDP compliance increase my production costs?

    Yes, it may increase production costs, but it also expands business opportunities. Many non-compliant businesses will cease to operate, creating gaps that compliant companies can fill.

  • My data fiduciary/client is not requesting anything related to DPDP compliance. Should I be concerned?

    Both parties are responsible for compliance under the law. If your client is not aware of the DPDP requirements, it means you don't have a legal basis and lawful purpose for your business operations.

  • I'm not sure if I have any Personally Identifiable Information (PII) of Indian citizens. What should I do?

    It depends on the specific processes in your business. If PII is visible, you likely possess it.

  • What happens after I complete DPDP compliance?

    Compliance should be reviewed periodically to ensure it remains in place and is recorded. DPDP compliance requires "demonstrable evidence of compliance," which can only be achieved through the ongoing practice and recording of compliance measures.

  • What businesses are broadly covered under DPDP?

    Any business dealing with Indian PI information, especially in IT, ITES, BPO, and KPO sectors, is typically covered by DPDP.