DPDP Act reflect commitment to safeguard users: Centre
It also imposes stringent protections on personal data transfers, as exemplified by the Reserve Bank of India's directive
image for illustrative purpose
New Delhi: Amid the changing landscape where cyber-criminals use novel methods to steal personal data, the Digital Personal Data Protection (DPDP) Act, 2023 upholds individuals' rights to safeguard their data, incorporating established principles for its protection, the government has said.
According to Ministry of Electronics & IT, these principles include obtaining consent for lawful and transparent use of personal data, limiting its use to specified purposes, minimising data collection to necessary levels, ensuring data accuracy and timely updates, restricting storage duration to the required period, implementing robust security measures, and enforcing accountability through penalties for breaches and data adjudication. The Act also imposes stringent protections on personal data transfers, as exemplified by the Reserve Bank of India's directive under Section 10(2) and Section 18 of the Payment and Settlement Systems Act, 2007, mandating the storage of payment system data within India.
“These provisions underscore the Act's commitment to robust data protection standards and restrictions on personal data transfers, which remain in effect under its framework,” said the IT Ministry. As the country continues to harness the benefits of digital transformation, maintaining stringent data protection standards will be crucial in fostering trust, resilience, and sustainable growth in its digital economy.