India’s Digital Personal Data Protection Act – DPDP

The Digital Personal Data Protection Act, abbreviated as DPDP, was officially enacted in August 2023 and will be implemented once notified by the Indian Government.

Once effective, it will mark a significant milestone in India’s data protection landscape. It will introduce a comprehensive legal framework akin to the GDPR and reflect the evolving data economy in the world’s largest democracy.

What you need to know about DPDP

The DPDP establishes a regulatory framework for processing digital personal data, encompassing penalties for non-compliance and granting specific data rights to individuals.

Additionally, it imposes obligations on Organizations, requiring them to adhere to data security standards, obtain informed consent, and conduct DPIAs, among other responsibilities.

While many of its ideas and provisions mirror the GDPR, it introduces certain distinctions. The term “grievance redressal” is unique to this law, while several data rights are absent. Instead of the six possible lawful grounds the GDPR sets, the DPDP only recognizes two (consent and legitimate use).

Regardless, data breach notification requirements, the need to conduct DPIAs, and the appointment of a DPO all align with other global data privacy regulations.

DPDP Definitions

  • Data Principals: Individuals within India, similar to the Data Subject in the GDPR.
  • Data Fiduciary: Organizations or associations determining the purpose and means of processing personal data.
  • Significant Data Fiduciary (SDF): Certain data fiduciaries may get this categorization based on the volume and sensitivity of personal data they process and associated risk.
  • Agent of Organization or Data Processor: Any person processing personal data on behalf of a data fiduciary.
  • Data Protection Officer (DPO): An individual appointed by a significant data fiduciary to undertake activities assigned within the Act.
  • Regulatory Body: The Data Protection Board of India (DPBI), the primary regulatory body responsible for enforcing the Act.

DPDP Penalties

The DPDP recognizes two tiers of fines:

  • The DPDP Act introduces penalties of up to INR 250 crores (approximately €2.75 million) for violations, or 2% of the total worldwide turnover, whichever is higher.
  • For particular breaches, the penalties may go up to INR 500 crores (approximately €5.5 million) or 4% of the total worldwide turnover.

DPDP Applicability

DPDP covers the processing of digital personal data within India and the extraterritorial processing of digital personal data outside India if the processing is connected to the offering of goods or services to data principals within India.

DPDP Data Rights

The DPDP outlines specific data rights that individuals can exercise. These rights empower data principals in India to have greater control over their personal information. The key rights under DPDP include:

  • Right to Access: Data principals have the right to request and access their personal data held by data fiduciaries.
  • Right to Correction and Erasure: Data principals can request corrections or updates to their personal data if it is inaccurate or incomplete.
  • Right to Withdraw Consent: Data principals can withdraw their consent for data processing at any time, and data fiduciaries must stop processing their data upon withdrawal.
  • Right to Grievance Redressal: Data principals have the right to file complaints or grievances regarding the processing of their personal data.
  • Right to Nominate a Representative: In case of death or incapacity, data principals can nominate a representative to exercise their data rights on their behalf.

Requirements for Organizations

These are some of the core obligations. Specific requirements and compliance measures may vary depending on the organization’s classification as a Data Fiduciary or Significant Data Fiduciary and the nature of their data processing activities.

  • Data Security Safeguards: Organizations are required to implement security measures to prevent data breaches and unauthorized access to personal data.
  • Data Breach Reporting: In the event of a personal data breach, Organizations must inform affected individuals and report the breach to the Data Protection Board of India.
  • Data Retention: Data fiduciaries (organizations) are required to erase personal data when it is no longer needed for the specified purpose. This means that organizations should not retain personal data indefinitely but should have mechanisms in place to delete or anonymize data when it no longer serves a legitimate purpose.
  • Consent and Transparency: Organizations must obtain clear and informed consent from individuals before collecting their personal data. They should also provide transparency by informing individuals about the purpose of data collection.

How DPM Responds to DPDP Requirements

Data Privacy Manager (DPM) is enterprise-grade software made and hosted in the EU and used by companies to automate all aspects of their privacy governance and compliance.

It is designed to improve the governance of personal data, centralize consents and preferences, automate compliance-related tasks, and minimize regulatory risks. The DPM platform is composed of four products, including various modules.

Data Principal Rights

DPDP: The DPDP grants certain rights to individuals, including the right to request and access their personal data held by data fiduciaries and the right to correction and erasure of their personal data if it is inaccurate or incomplete.

SOLUTION: The Data Subject Request module allows Organizations to efficiently track, prioritize, and respond to requests related to data access, correction, deletion, and portability. By maintaining a comprehensive record of these requests and their corresponding actions, the DPM solution empowers businesses to effectively handle data principal requests, ensuring adherence to the DPDP.

Data Protection Impact Assessments

DPDP: Organizations, particularly Significant Data Fiduciaries (SDFs), are required to conduct Data Protection Impact Assessments (DPIAs) as part of their data protection obligations.

SOLUTION: The Assessment Automation module provides templates for Data Protection Impact Assessment (DPIA). It enables easy collaboration and task assignment, allowing you to track the progress of specific assessments in real-time. You can easily identify potential privacy risks and implement measures to address them.

Consent Collection and Management

DPDP: More often than not, Organizations will have to obtain valid consent from data principals before they can collect and use their personal data. Consent is a critical aspect of data processing under the DPDP.

Organizations have to handle consent in a transparent, informed, and responsible manner to ensure compliance with the law. Additionally, organizations must provide a straightforward mechanism for data principals to withdraw consent and efficiently handle consent requests, withdrawals, and record-keeping.

SOLUTION: The Consent Management module irons out the operational consent management challenges and gives you real-time insight into the complete personal data lifecycle. It represents a consent record and enables you to demonstrate compliance for any data principal on any level at any point in time.

Data Retention and Data Removal

DPDP: Organizations need to erase personal data as soon as the purpose has been met and retention is not necessary for legal purposes.

SOLUTION: Data Removal Orchestration automatically gives instructions to a different system when data deletion needs to be executed and enables you to define data retention and data removal operationalization, answering two key questions: “WHICH data needs to be removed?” and “WHEN does this data need to be removed?”
