DPDP- Digital Personal Data Protection Act
In the ever-changing landscape of finance and data protection in India, the Digital Personal Data Protection Act of 2023 (DPDP Act) has sparked significant transformations. This article explores how our Generic Onboarding Platform (GO) aligns seamlessly with the guidelines laid out in the DPDP Act, simplifying the complex world of data management.
The DPDPA marks India's inaugural data protection legislation, offering a comprehensive framework for the handling of personal data within the country. Enacted in 2023, DPDPA applies to the processing of digital personal data collected within India, whether acquired online or offline and subsequently digitized. Furthermore, it extends its jurisdiction to the processing of digital personal data outside India if it pertains to providing goods or services to data principals within the Indian territory.
Central to the DPDP Act is the designation of significant data fiduciaries (SDFs), identified by the central government based on the volume and sensitivity of the processed personal data and associated risks. Key obligations for SDFs include the appointment of a data protection officer (DPO) based in India, the engagement of an independent data auditor, and the conduct of a data protection impact assessment (DPIA).
Simultaneously, the DPDP Act introduces groundbreaking data protection standards, emphasizing user rights, fiduciary obligations, and data localization dynamics. This section explores how our platform safeguards user data, ensuring compliance with the DPDP Act's provisions on consent, legitimate uses, and data fiduciary obligations. From meticulous consent management to secure data erasure processes, we demonstrate the platform's commitment to data protection in the digital age.
ο»ΏThe DPDP Act creates rights and obligations for individuals. These include the right to get a summary of all the data collected by Data Fiduciaries. Further, the individuals have the right to correct, complete, update, and erase their data.ο»Ώ
- In GO, there is a feature to view the draft application and provide data purging functionality to the REs/ Data Fiduciaries.Β
- Also, an end-user is provided aΒ facility to view the summary of data submitted so that they can review and rectify the data they are providing.
ο»ΏEntities responsible for collecting, storing, and processing digital personal data are defined as data fiduciaries and have defined obligations. These include: (a) maintaining security safeguards; (b) ensuring completeness, accuracy, and consistency of personal data; (c) data erasure on consent withdrawal or the expiry of the specified purposeο»Ώ
- The data collected by GO have significant security safeguards- with built-in security features and advanced encryption protocols, we are confident that our user's data is protected at all times.Β
- The data collected is latest and correct to the best of our knowledge. Through backops, the REs can view and update the data of the end-users.
- The GO Platform has a data purging functionality where a Purge API is provided to delete the data from Signzyβs system once the data is pushed to the REβs(banks/NBFCs)Β system.
As we embrace the principles of the DPDP Act, our commitment to robust data protection with the Generic Onboarding Platform (GO) remains steadfast. Beyond mere compliance, GO actively contributes to advancing data protection standards. We strive to not just keep pace with regulations but to set new benchmarks in safeguarding user data amidst the evolving landscape of digital privacy.
Getting help
Please feel free to contact us if you have any questions, require clarification, or have ideas for how to make the documents or any of our services better.
You can reach out to us at [email protected].
ο»Ώ