India
Digital Personal Data Protection Act, 2023 (DPDPA)
India's DPDPA 2023 is the country's first comprehensive data protection law. It classifies biometric data as personal data and introduces consent-based processing as the primary legal basis. While India operates Aadhaar, the world's largest biometric ID system, the DPDPA provides individuals with rights to access, correct, and erase their personal data. The law applies to processing within India and to processing of Indian residents' data abroad.
Key Provisions
- Biometric data classified as personal data requiring consent for processing
- Purpose limitation: data can only be processed for the purpose consented to
- Data fiduciaries must implement reasonable security safeguards
- Cross-border transfers allowed to notified countries; blocked to restricted ones
- Special provisions for processing children's data (parental consent required)
- Significant data fiduciaries face additional compliance requirements
Your Biometric Rights
- Right to access personal data being processed
- Right to correction and erasure of personal data
- Right to grievance redressal
- Right to nominate another person to exercise rights
- Right to withdraw consent at any time
Penalties for Non-Compliance
Up to ₹250 crore (~$30M USD) per violation. Failure to protect against data breaches: up to ₹250 crore. Failure to notify the Board of a breach: up to ₹200 crore.
Our Removal Process
We submit erasure requests under DPDPA 2023 on behalf of Indian residents. Data fiduciaries must respond within a reasonable period. We track each request and escalate to the Data Protection Board if operators fail to comply.