DPDP Act 2023 Glossary

Under DPDP, consent must be free, specific, informed, unconditional, and unambiguous. It must be given through a clear affirmative action and can be withdrawn at any time. Consent forms the legal basis for processing personal data.

A platform registered with the Data Protection Board that enables Data Principals to give, manage, review, and withdraw consent through a single accessible interface. AquaConsento is designed to serve as a Consent Manager under DPDP.

Transfer of personal data outside India's borders. Under DPDP, such transfers are permitted to countries notified by the Central Government, while transfers to restricted countries are prohibited.

Any unauthorized processing of personal data or accidental disclosure, destruction, or loss of personal data that compromises its confidentiality, integrity, or availability. Data Fiduciaries must notify the Board and affected Data Principals.

Any person (including a company, firm, or individual) who alone or in conjunction with other persons determines the purpose and means of processing personal data. Data Fiduciaries bear primary responsibility for DPDP compliance.

An individual whose personal data is being collected or processed. Under DPDP Act 2023, Data Principals have specific rights including the right to access, correct, and erase their personal data.

Any person who processes personal data on behalf of a Data Fiduciary. While Data Processors act under the instructions of Data Fiduciaries, they must also ensure data security.

The regulatory body established under DPDP Act 2023 to adjudicate disputes, impose penalties, and ensure compliance. The Board has the power to impose penalties up to ₹250 crore for violations.

A senior official appointed by Significant Data Fiduciaries to oversee data protection strategy and compliance. The DPO serves as the point of contact for the Data Protection Board.

Personal data that is in digital form. This includes data that was originally collected in non-digital form but subsequently digitized. DPDP Act 2023 primarily governs digital personal data.

Lawful grounds for processing personal data without explicit consent, including voluntary data provision, state functions, legal obligations, medical emergencies, employment, and public interest purposes.

Monetary fines imposed by the Data Protection Board for DPDP violations. Penalties range from ₹10,000 for minor violations to ₹250 crore for significant breaches affecting national security.

Any data about an individual who is identifiable by or in relation to such data. This includes names, addresses, phone numbers, email addresses, biometric data, and any other identifying information.

Any operation performed on personal data including collection, recording, organization, structuring, storage, adaptation, retrieval, use, disclosure, dissemination, restriction, erasure, or destruction.

The right of Data Principals to request correction or completion of inaccurate or misleading personal data, and to update personal data that is incomplete.

The right of Data Principals to request deletion of their personal data when it is no longer necessary for the purpose it was collected, or when consent is withdrawn.

A Data Fiduciary notified by the Central Government based on factors such as volume and sensitivity of personal data processed, risk of harm, and potential impact on sovereignty and security of India.