The Digital Personal Data Protection Act, 2023 (DPDPA) is a landmark data protection legislation in India, aimed at strengthening the protection of personal data, ensuring data privacy, and regulating the collection, storage, processing, and use of personal data. The law was passed in 2023, marking a significant step in India’s commitment to privacy protection in the digital economy. Core Objectives of DPDPA: 1. Protection of Personal Data: Safeguarding the privacy rights of data subjects (individuals) and ensuring that personal data is adequately protected. 2. Transparency and Compliance: Ensuring transparency in data processing activities by requiring data controllers to provide clear privacy policies and handling practices. 3. Data Subject Rights: Granting data subjects control over their personal data, including rights to access, rectify, delete, and withdraw consent. 4. Responsibilities of Data Processors: Clearly defining the responsibilities of data controllers and processors when collecting and processing personal data. 5. Cross-border Data Transfers: Regulating the transfer of personal data across borders to ensure the safety and compliance of data internationally. 6. Regulatory Authority: Establishing an independent regulatory body responsible for overseeing and enforcing data protection regulations. DPDPA applies to: 1. Any company, organization, or individual operating within India; 2. Foreign companies, organizations, and individuals operating outside India but processing personal data of Indian residents; 3. Entities collecting, storing, using, or processing personal data within India. Key Provisions: • Consent Management: Data controllers must obtain explicit consent from data subjects before collecting personal data, and must inform them of the purpose of data processing. • Data Protection Officer (DPO): Larger organizations are required to appoint a Data Protection Officer to ensure compliance with data protection requirements. • Data Breach Notification: In the event of a data breach, data controllers must report the breach to the regulatory authority within a specified time frame and notify data subjects when necessary. • Penalties and Fines: The DPDPA imposes substantial penalties for non-compliance, ensuring that the law is enforced effectively. The implementation of DPDPA will significantly strengthen data protection standards in India, enhance privacy awareness, and help Indian businesses align with international data protection norms, fostering the healthy growth of the digital economy. Tuya has also created a DPDPA compliance white paper to help our clients understand the requirements of the DPDPA and ensure compliance.