ARTICLE
26 March 2024

Grievance Redressal Mechanism And Data Protection Officer Under The DPDPA, 2023

NL
NovoJuris Legal

Contributor

NovoJuris Legal, an innovative and new-age law firm, where clients leverage on in-depth knowledge and solutions based approach. We work with high impact and rapid growth companies to large corporates and disruptive tech businesses. Our Funds formation practice is robust and we are consistently ranked amongst India’s top 5 in private equity.
Recognizing the need to protect privacy rights of the individuals ("Data Principal"), the Digital Personal Data Protection Act, 2023 (DPDPA) provides the Data Principals with the following rights.
India Privacy
To print this article, all you need is to be registered or login on Mondaq.com.

Recognizing the need to protect privacy rights of the individuals ("Data Principal"), the Digital Personal Data Protection Act, 2023 (DPDPA) provides the Data Principals with the following rights: (i) right to obtain information on personal data processing by the Data Fiduciary; (ii) right to correct, update or erase her personal data; (iii) right to nominate someone else in the event of her death or incapacity to exercise her rights; and (iv) right to withdraw consent.

Besides the rights, the Data Principals may also have other grievances related to Data Fiduciary's performance of its obligations under the DPDPA.

DPDPA, in consideration of the above purposes, mandates the establishment of a mechanism by a Data Fiduciary to redress the grievances of Data Principals and to enable them to exercise their rights.

Whether the Data Protection Officer (DPO) can be the go-to person for the grievance redressal mechanism, or should there be a separate grievance officer? Where the Data Fiduciary is a significant data fiduciary under the DPDPA, the Data Protection Officer should be the point of contact for the grievance redressal mechanism.

In case of non-significant data fiduciary, there would be no obligation for the Data Fiduciary to appoint a DPO, which negates the need to have the DPO as the point of contact for grievance redressal mechanism.

That said, in lieu of the DPO, DPDPA requires such data fiduciary to publish the contact details of the person who can (i) communicate with the Data Principals to assist with their rights; and (ii) handle the queries of Data Principals on processing of their personal data by Data Fiduciary and assist with the rights under the DPDPA (Privacy Officer).

DPDPA clarifies that DPO should be based in India as a representative of a significant data fiduciary and be an individual responsible to its Board of Directors or similar governing body. DPDPA, however, does not specify similar requirements for a Privacy Officer.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

ARTICLE
26 March 2024

Grievance Redressal Mechanism And Data Protection Officer Under The DPDPA, 2023

India Privacy

Contributor

NovoJuris Legal, an innovative and new-age law firm, where clients leverage on in-depth knowledge and solutions based approach. We work with high impact and rapid growth companies to large corporates and disruptive tech businesses. Our Funds formation practice is robust and we are consistently ranked amongst India’s top 5 in private equity.
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More