The Government of India passed the Digital Personal Data Protection Act 2023 DPDPA 2023) with Presidential assent on 11th August 2023.
The Act provided that different provisions of the Act will come into existence at different points of time to be notified.
The notification is expected to be released any time. A draft set of rules were released earlier on 3rd January 2025 and they may also be refined with the next notification.
Till the DPDPA 2023 is effective, and even subsequently for some of the aspects, Information Technology Act 2000/8 (ITA 2000/8) with Section 43A and the Reasonable Security Practice notification for Sensitive Data will be the applicable Personal Data Protection Law. The DPDPA 2023 will be considered as a “Guideline” under the Due Diligence/Reasonable Security Practice under Section 43A of Information Technology Act 2000/8.
Ujvala is immediately upgrading its audit methodology to be compliant with DPDPA 2023 and adopting PDPCSI for Privacy assessments. These will be certified under the FDPPI certification program. Ujvala provides both Gap Assessments and Implementation consultancy and audit based on DGPSI framework For more information, kindly contact Naavi.Naavi
