ForumIAS announcing GS Foundation Program for UPSC CSE 2025-26 from 10th August. Click Here for more information.
Source-This post on India’s Digital Personal Data Protection Act has been created based on the article “Businesses should adapt quickly to India’s privacy law” published in “Live Mint” on 25 July 2024.
UPSC Syllabus–GS Paper-2– Government Policies and Interventions for Development in various sectors and Issues arising out of their Design and Implementation.
Context-The Digital Personal Data Protection Act (DPDP Act) of 2023 is set to revolutionize how businesses handle personal data in India. This new legislation has raised concerns among sales teams and organizations about their traditional marketing and data collection practices.
Companies mostly gather large datasets of personal information to generate sales leads. Call centers then use this data to contact potential customers, leading to frequent interruptions from unsolicited sales calls and online ads. This data acquisition process sometimes raises ethical concerns.
What are the Key Provisions of the DPDP Act?
1) Legitimate Grounds for Data Processing -Personal data must have a valid reason for processing, usually obtained through consent. This consent must be specific to the intended use of the data. Sharing or repurposing data without explicit consent is not allowed.
2) Rights of Data Principals– Individuals have the right to access information about how their personal data is being processed. They can also inquire about sharing their data sets with others.
c) Obligations of Data Fiduciaries– Organizations must track all purposes for which personal data is used. They must show that they have obtained consent for any data transfers.
d) Penalties: Each breach of the DPDP Act can result in penalties up to ₹250 crore.
A detailed article on Digital Personal Data Protection Bill, 2023 can be read here.
What will be the impact of this Act on Business Operations?
a) Sales and Marketing-
A) Traditional “spray-and-pray” marketing approaches may become unsustainable.
B) Businesses selling datasets of personal information will likely shut down.
C) Storing pre-existing data without legitimate grounds becomes a violation.
b) Customer Verification Processes- Updating KYC with alternate phone numbers can raise compliance issues. Businesses will have to redesign processes to avoid unnecessary collection of personal data.
What should be the Way ahead?
A) Organizations need to revise their operations to ensure compliance.
B) Alternative marketing strategies that respect data privacy must be developed.
Question for practice
What are the Key Provisions of the DPDP Act? What will be the impact of this Act on Business Operations?
