What Are The Data Principal Rights Under The DPDP Act?
Discover the rights granted to Data Principals under the DPDP Act 2023 to help you navigate through a secure and transparent digital landscape.
One of the significant milestones we witnessed in 2023 was the enactment of the DPDP Act, crafted to give individuals or Data Principals more control over their shared, used, and stored personal data.
Under the legal framework, organizations are mandated to maintain transparency, provide access, and ensure robust security measures in handling personal data. Failure to comply with these responsibilities may result in hefty penalties.
In this blog, we delve into the rights granted to Data Principals by the DPDP Act, as highlighted in Sections 11-14 of the DPDP Act.
Rights Of Data Principals Under The DPDP Act
Take a look at all your rights that fall under the DPDP Act. These rights let you take control of your personal information and protect it.
1. Right To Access Information About Personal Data
Let’s say you want to understand what an organization is doing with the data you have shared with them. You now have the Right to Access Information as outlined in the Digital Personal Data Protection Act 2023. This provision grants Data Principals (people whose data is processed by companies) the ability to request specific details about the processing of their personal data.
Under Section 11(1)(c), you can even gain a comprehensive understanding of how your data is being used and processed. This allows you to request any other information related to your personal data.
But there is an exception as stated in Section 11(2). This is when the data has been shared with another Data Fiduciary who is legally authorized to acquire such data for specific purposes like preventing, detecting, or investigating cybercrime, or for the prosecution or punishment of offences. In these specific circumstances, some of the rights mentioned in Sections 11(1)(a), 11(1)(b), and 11(1)(c) may not be fully enforceable.
It’s important to note that the exception is applicable only under specific circumstances, primarily related to cybersecurity and legal investigations.
This exception ensures a balance between individual data rights and the broader objectives of preventing and prosecuting cyber incidents or offences.
2. Right To Correction And Erasure of Personal Data
Under Section 12 (1) of the DPDP Act, you have the right to make any corrections to the data if it is false, inaccurate, incomplete, misleading, or needs an update. To do this, you will have to submit a written request to the Data Fiduciary, specifying the necessary changes. The Data Fiduciary is required to promptly evaluate your correction request and implement the required changes.
Section 12(2) also offers you the right to erase data. You, as a Data Principal, have the right to request the erasure of your personal data. The Data Fiduciary is obliged to fulfil this request unless there are specific reasons to retain the data, such as for a particular purpose or to comply with legal requirements.
While the Act provides the right to erasure, it acknowledges that certain conditions and exceptions may apply. These conditions and exceptions will be specified in the rules associated with the Act, providing a structure for when erasure may not be feasible or permissible.
3. Right To Grievence Readdressal
Under Section 13(1), the DPDP Act gives you the provision of grievance readdressal. If you think your data isn’t being processed, shared, stored, or used properly, you may raise a grievance.
The Data Fiduciary or the Consent Manager is obliged to respond within the given time limit and take care of your concerns efficiently. This time limit will be specified in the rules that are yet to be released.
Before approaching the Data Protection Board with a grievance, Data Principals are required to exhaust the grievance redressal opportunities provided by the Data Fiduciary or Consent Manager.
This provision is designed to encourage the resolution of minor issues at the basic level, without the immediate involvement of higher authorities. The intention behind Section 13(3) is to streamline the grievance resolution process and address concerns efficiently at the organizational level.
4. Right To Nominate
Section 14 (2) of the DPDP Act grants individuals the right to appoint a representative to manage their data rights if they are incapacitated or in the event of their death. Incapacity includes both mental health issues and physical disabilities that impede the exercise of data rights.
This legal provision underscores the protection of personal data rights. The act outlines the nomination process in its rules, ensuring a smooth transition for data protection even in challenging circumstances.
This mechanism is designed to provide a structured and legally supported approach, emphasizing the Act’s commitment to safeguarding individuals’ data rights throughout different life situations.
Wrapping Up
The Digital Personal Data Protection Act of 2023 is a significant step in safeguarding individual rights regarding personal data. It grants Data Principals a set of rights to ensure they are in control of their data. DPDP also adds an extra layer of protection by allowing the nomination of representatives in case of incapacity or death.
The DPDP Act 2023 aims to empower individuals by granting them rights over their personal data, ensuring that these rights are preserved even in challenging circumstances. It holds organizations accountable for transparent and authentic handling of personal information. The overall goal is to establish a framework that promotes fairness, privacy, and trust in the increasingly digitized landscape of data interactions.
DPDP consultants can help you navigate these challenges by providing valuable assistance in understanding and aligning with the complexities of this new regulatory framework:
All The Tools & Expertise You Need To Get DPDP Compliant!
If you are a business in India aiming for seamless compliance with the DPDP Act 2023, look no further! We have the right tools and services to guide you through the complexities of this new law and avoid penalties.
Comments
0 Likes
