Frequently Asked Questions about the DPDP Act 2023

• What is the DPDP Act?

  DPDP focuses on the privacy of the personal information of Indian citizens. Companies, whether in India or elsewhere, that deal with Indian citizen data or processes involving Indian citizen's personal information are covered under this law.

• Is there any certification for DPDP?

  DPDP is not a certification but a compliance requirement (law), and as such, there cannot be a certification for a law.

• Will DPDP compliance increase my production costs?

  Yes, it may increase production costs, but it also expands business opportunities. Many non-compliant businesses will cease to operate, creating gaps that compliant companies can fill.

• My data fiduciary/client is not requesting anything related to DPDP compliance. Should I be concerned?

  Both parties are responsible for compliance under the law. If your client is not aware of the DPDP requirements, it means you don't have a legal basis and lawful purpose for your business operations.

• I'm not sure if I have any Personally Identifiable Information (PII) of Indian citizens. What should I do?

  It depends on the specific processes in your business. If PII is visible, you likely possess it.

• What happens after I complete DPDP compliance?

  Compliance should be reviewed periodically to ensure it remains in place and is recorded. DPDP compliance requires "demonstrable evidence of compliance," which can only be achieved through the ongoing practice and recording of compliance measures.

• What businesses are broadly covered under the DPDP Act?

  Any business dealing with Indian personal information, is generally covered by the DPDP Act.