Rights, Duties and Liabilities Under the DPDP Act, 2023

  • Writer: Crypticroots
  • Feb 21

Introduction

The Digital Personal Data Protection Act, 2023 (DPDP Act) creates a balanced framework. It does not only regulate companies — it also empowers individuals and sets accountability standards.

Under this Act:

  • Individuals have rights.

  • Data handlers have duties.

  • Violations lead to liabilities and penalties.

This structure ensures transparency, responsibility, and protection of personal data.


1. Rights of Data Principals

A Data Principal is the individual whose personal data is being processed.

The Act provides the following rights:

(a) Right to Information

Individuals can know:

  • Whether their data is being processed

  • What data is being processed

  • With whom it has been shared

(b) Right to Correction and Erasure

Individuals can request:

  • Correction of inaccurate data

  • Completion of incomplete data

  • Updating outdated data

  • Deletion of data when it is no longer required

(c) Right to Grievance Redressal

If a Data Principal is not satisfied with the response of a company:

  • They can file a complaint.

  • The matter can be escalated to the Data Protection Board of India.

(d) Right to Nominate

A Data Principal can nominate another person to exercise their rights in case of death or incapacity.


2. Duties of Data Principals

The Act also expects responsibility from individuals.

Data Principals must:

  • Provide accurate information.

  • Avoid false or misleading complaints.

  • Comply with applicable laws.

This ensures the system works fairly for everyone.


3. Duties of Data Fiduciaries

A Data Fiduciary (company, organisation, or government body) must:

  • Process data lawfully.

  • Provide clear notice before collecting data.

  • Take proper security measures.

  • Inform authorities in case of a data breach.

  • Delete data once the purpose is completed.

  • Provide a grievance redressal mechanism.

These duties form the core compliance requirements of the Act.


4. Special Duties of Significant Data Fiduciaries

If an organisation is classified as a Significant Data Fiduciary (SDF), it must additionally:

  • Appoint a Data Protection Officer (DPO).

  • Conduct periodic audits.

  • Carry out Data Protection Impact Assessments (DPIA).

  • Follow enhanced compliance standards.

This applies to organisations handling large-scale or high-risk data.


5. Liabilities and Penalties

If any entity violates the Act:

  • The Data Protection Board of India can investigate.

  • Monetary penalties may be imposed.

  • Corrective directions can be issued.

The Act follows a regulatory penalty model to ensure accountability.


Legal Foundation

The constitutional basis for data protection laws in India comes from:

🔹 Justice K.S. Puttaswamy v. Union of India

In this landmark judgment:

  • Privacy was recognised as a fundamental right.

  • The Court emphasized proportionality and safeguards.

  • It laid the foundation for modern data protection laws in India.


Conclusion

The DPDP Act creates a structured balance between:

  • Individual rights

  • Organisational responsibility

  • Government oversight

This ensures protection of personal data while supporting digital growth.

