DPDP Rules: Shaping the Future of Data Privacy
The Digital Personal Data Protection (DPDP) rules impose rigorous timelines and security measures on companies managing personal data. The rules demand prompt breach notifications, mandatory data retention periods, and periodic impact assessments. It also outlines procedures for obtaining consent and mandates audits to ensure data privacy.
- Country:
- India
The newly introduced Digital Personal Data Protection (DPDP) rules have set stringent guidelines for companies managing personal data. These rules establish clear timelines for actions like breach notifications and data erasures, alongside requiring significant entities to conduct impact assessments and audits annually.
E-commerce platforms, online gaming firms, and social media giants must adhere to a three-year data retention policy post-user inactivity, while data protection inquiries by the Data Protection Board must be concluded within six months unless an extension is deemed necessary.
For data breaches, companies are required to inform both users and the Data Protection Board promptly. Furthermore, verifiable parental consent is essential before processing children's data, ensuring robust privacy protection in today's digital age.
ALSO READ
-
Meta's MCI Initiative Sparks Privacy Concerns and Employee Outcry
-
MioPods launches on-demand privacy workspaces at Hyderabad Airport
-
Germany's Merz: industrial AI needs more data security, less privacy protection
-
Saudi Arabia’s data protection push faces enforcement gaps despite strong legal foundations
-
UN Rules Netherlands Violated Child’s Privacy Through DNA Retention Policy
Google News