Digital Personal Data Protection Act, 2023 and Rules 2025: India's New Digital Privacy Law – Full Guide with Examples

About the DPDP Act, 2023 and Rules 2025

Ever since people in India began using the internet and apps more heavily, the security of personal data has become very important. Every day we share our name, mobile number, address, bank details, health information, browsing history, location and much more in digital form. Theft or misuse of any of this can lead to identity theft, fraud and serious harm. In the Justice K.S. Puttaswamy case (2017), the Supreme Court recognised privacy as a Fundamental Right, which made a law on “informational privacy” necessary. Against this background the Government of India passed the Digital Personal Data Protection Act, 2023 (DPDP Act), which regulates digital data processing as a “comprehensive data privacy law”. The law aims to balance the protection of individuals' personal data with lawful processing. The new DPDP Rules 2025 (still at the draft stage) bring new guidelines for implementing these provisions.

Digital Privacy Law India: Why Is It Necessary?

In today's digital age we all rely on mobile and online services for nearly every part of our lives. That is why data privacy matters so much. If someone gets hold of your personal information (such as your mobile number, photo, bank information or location), it can be misused against you. Likewise, companies have to keep their users' data secure. India earlier had some provisions in the Information Technology Act 2000 (such as Sections 43A and 72A), but they were not enough. The right to privacy established in the 2017 Puttaswamy judgment pushed the government to bring a new data protection law. The Justice B.N. Srikrishna Committee (2017) proposed a rights-based framework, which led to the Personal Data Protection Bill of 2019. That Bill drew a great deal of debate because of its strict data localisation and government powers, and in 2022 it was withdrawn and a more balanced DPDP Bill was introduced. Finally the DPDP Bill, 2022 was passed by Parliament and received the President's assent on August 11, 2023, becoming the Digital Personal Data Protection Act, 2023. For now its implementation date depends on a central government notification; no notification has been issued yet, so the Act is not in force. But rule-making has begun: in Jan 2025 the draft DPDP Rules 2025 were released for public consultation, covering matters such as breach notification within 72 hours, detailed notice requirements, consent managers and data localisation.

DPDP Act 2023: History and the Reason Behind It

India's digital data protection journey began with the Supreme Court's Puttaswamy ruling in 2017, which held that personal privacy is a Fundamental Right. The Srikrishna Committee was then set up in 2017 and suggested a rights- and consent-based approach. In 2019 the Personal Data Protection Bill was introduced; it was heavily debated and was also withdrawn. Then in 2022-23 the DPDP Bill came in a new form that was business-friendly. The new Act defines a consent-based regime and roles such as data fiduciary and data principal, and gives individuals the right to access, correct and delete their data. Along with the Act, a Data Protection Board (DPB) will be set up to handle enforcement and complaints. The Act covers digital personal data (only data in online/digital form), which includes information linked to your identity. Offline data and very old data (more than 100 years old) are not covered.

Personal Data Protection: Key Provisions of the DPDP Act

The DPDP Act 2023 has some important features that matter to the ordinary user:

  • Consent and Notice: Any digital app or website must obtain consent before taking your personal data. Consent must be free, specific, informed, unconditional and unambiguous (clearly signalling agreement). So if an app asks for your photos, contacts or location, it must first clearly state why it needs that data. This notice (such as a privacy policy or terms) must be shown to you in plain, understandable language. The notice has to state what data will be taken, why it will be taken (purpose), and what your rights are (such as the right to erasure and the right to withdraw consent). This creates transparency. If permission was obtained by flustering the user or through hidden terms (such as taking data from the user covertly), that is against the Act.
  • Rights of the Data Principal (Users' Rights): The Act says that the Data Principal (that is, you, the person whose data it is) has certain rights. For example:
    • Access and Information: You can ask what data a site or company holds about you and where it has been shared, and request a summary of it.
    • Correction/Update: If your data contains wrong or incomplete information, you can have it corrected.
    • Deletion (erasure on request): Once the specified purpose of the data has been fulfilled or you withdraw consent, the company must erase your data (unless a law or legal requirement says otherwise).
    • Withdraw Consent: You can withdraw your consent at any time. That means if you earlier allowed an app to use your data, you can now say “stop using this data.” The company must stop processing within a reasonable time.
    • Grievance Redressal: If you believe your data is being misused, you can complain to the Data Fiduciary (company). The Act also speaks in places of setting up a grievance redressal mechanism for Data Principals. You should have an accessible way to lodge complaints.
    • Nomination: So that these rights continue to be exercised if a data principal dies or becomes incapacitated, they can nominate another person in advance to exercise their rights.
  • Obligations of the Data Fiduciary (Companies' Responsibilities): Any organisation (data fiduciary) that collects your data will have certain responsibilities:
    • Collect Data Only for What Is Necessary: The company must take only as much data as is strictly required for the task (purpose).
    • Give Proper Notice: A clear notice must be given before data is collected (as described above).
    • Data Security: Reasonable security safeguards must be implemented to protect your data. These include technical measures such as encryption, masking, tokenization and strong access controls. The company must prevent unauthorized access and carry out regular auditing.
    • Immediate Action on a Data Breach: If a data breach occurs (such as an attack by hackers), the Data Fiduciary must inform both the Data Protection Board (DPB) and everyone affected by the breach within 72 hours. This is a new rule mentioned in the Rules 2025.
    • Significant Data Fiduciary (SDF): Some large platforms (those holding the data of crores of users, such as e-commerce or social media) will be declared Significant Data Fiduciaries. SDFs will have extra obligations, such as appointing a Data Protection Officer (DPO) in India, commissioning independent audits, and carrying out regular Data Protection Impact Assessments (DPIA). The Rules 2025 add some further requirements for them (such as additional due diligence and audits).
    • Special Data Classes (Children's Data): Very strict guidelines apply when processing children's personal data. Companies must obtain verifiable consent from a parent or guardian for a child's data. As set out in the draft rules, the company may process only after identifying the parent. Some exceptions (such as tracking for school safety) are allowed.
  • Powers of the Central Government: The Act gives the Centre certain powers. For example, it can remove certain countries from the approved list or impose restrictions on data transfers. (The draft rules state that cross-border transfer may take place only where the government has not imposed any restriction on that country.)
  • Penalties under the New Law: The DPDP Act 2023 carries very heavy penalties if companies do not follow the rules. Some of the main fines:
    • Security Breach (Section 8(5)): a penalty of up to ₹250 crore (the highest tier).
    • Negligence in Breach Notification (Section 8(6)): a fine of up to ₹200 crore.
    • Breaking the obligations for Children's Data: up to ₹200 crore.
    • Breaking the additional rules for Significant Data Fiduciaries: up to ₹150 crore.
    • Violation of any other provision: up to ₹50 crore.
    • (And if a Data Principal misuses their rights, the fine can be up to ₹10,000; for the ordinary user, though, these fines are mostly aimed at companies.)

All this shows that if your data is used improperly, companies may have to bear very heavy penalties. In this way the law sets a heavy punishment to deter theft.

Data Consent Law India: New Provisions in the Draft DPDP Rules 2025

Rules are still being framed to put the DPDP Act into operation. The Draft Rules 2025 contain some new features that will matter for companies and for users:

  • Notice Details (more detail in the notice): The notice must now carry more itemized information. That is, it must clearly tell you which personal data points are being collected and for which service the data is being provided. These rules are more detailed than before.
  • Reasonable Security Safeguards (security measures): The Act said that security measures must be in place. The Rules 2025 specify some minimum technical safeguards, such as access control, maintaining logs and keeping backups of data. No fixed standard is prescribed, but every data fiduciary will have to adopt these basics.
  • Data Breach Notification: As noted above, the DPB and affected users must be told promptly when a breach occurs. The draft rules make clear that notice must be given to the DPB within 72 hours, and to all affected Data Principals as well. This keeps users informed directly and forces the company to be transparent.
  • Cross-Border Transfer (transferring data abroad): The Draft Rules say that any entity processing data within India that sends data to a country outside India (such as multinational companies) may send it only to countries on which the government has not imposed any restriction. The Act so far contains only the power to restrict; the rules now describe this system.
  • Consent for Children: The Draft Rules define verifiable consent for children. If the data principal is a child (or in a situation involving disability), the consent of the parent/guardian (and their identity) must be verified. The rules clarify how to confirm that the person signing is the real parent. This extra step is there so that a minor's data is not misused.
  • Exemptions for Children (processing children's data): Certain classes have been given exemptions. For example, schools and healthcare establishments are given some relief where they track children for safety or health purposes. In this way essential sectors are exempted whenever they process data for children's benefit.
  • Data Retention (how long data may be kept): The rules set some time limits on how long data may be kept. For example, large e-commerce, social media or online gaming companies (those with 50 lakh to 2 crore+ users) may keep their users' personal data for 3 years, after which its purpose will be deemed fulfilled. Before that, users must be given 48 hours' notice that the data is about to be deleted.
  • Additional Obligations of Significant Data Fiduciaries: The new rules bring some new requirements for SDFs, such as:
    • SDFs must carry out a Data Protection Impact Assessment and an audit every year, and share the results with the DPB.
    • SDFs must ensure that their algorithms or automated processing do not harm the rights of Data Principals.
  • Consent Managers: The DPDP Act has the concept of a Consent Manager, an entity that gives users a centralized platform to manage their consent. The Draft Rules state that Consent Managers must register with the DPB and meet certain conditions (such as being a company in India and meeting standards). If registration fails or commitments are not honoured, their registration can be cancelled.
  • Government Information Calls: Until now, the Act gave the Central Government a right to call for certain information. The rules specify where and who can call for information. For example, where national security is in question, a secret officer, or, for notifying an SDF, an officer of MeitY may obtain the information.
  • Data Protection Board: The rules make clear that search committees will be formed to appoint the chairperson and members of the Data Protection Board. In other words, the board will be formally constituted.

All of these are new provisions that will give companies and startups clear guidelines for managing data. They are parts of the “Data Consent Law India” that will keep your data protected.

Examples from Everyday Life: What Effect Will the Law Have?

Here are some simple examples of how the new law will work in your daily life:

  • Shopping App Example: Suppose you install an online shopping app. You will first be shown a privacy notice explaining why the app is asking for your address, mobile number and payment details. You give consent by clicking “yes” on a checkbox. Now if the app passes your data to a third party (such as advertisers) without telling you, that is against the law. You can complain under the DPDP Act. The company can be fined up to ₹50 crore for the notice violation.
  • Data Breach Notification: Imagine an email service is hacked and users' emails are leaked. Under the DPDP Act/Rules the service provider must notify the DP Board and all its affected users (Data Principals) within 72 hours. If it does not give intimation within those hours, it can face a penalty of up to ₹200 crore. This means you will find out for yourself whether your data was leaked; it cannot be quietly concealed.
  • Children's Data Protection: An EdTech website (which runs courses for school students) sold students' personal email addresses or browsing habits to a marketer. Under the draft rules this is prohibited. The company should not have done so without first obtaining verified parental consent. A violation of this kind can attract a fine of up to ₹200 crore. This example teaches us that children's data cannot be exploited for any marketing.
  • Consent Withdraw Example: You sign up for a music app and give it access to your contacts (perhaps because you wanted to sync your friends). A few months later you want the app to stop using your contacts. Under the DPDP Act you can go to the app's settings or consent dashboard and “withdraw consent”. The app should stop processing within a reasonable time. If the app ignores this, a complaint can be made to the DP Board.
  • Online Game Example: An online game platform shares your profile data and sends you spam ads. You can now demand that it delete all your data. The company must comply with your request and tell you by when the data will be deleted. If the company ignores it, a fine can also be imposed under the Act.
  • Cross-border Data Flow: Much of your personal data is stored in India; even so, if a company sends it to a country abroad, it may send it only to countries that the government has whitelisted (meaning no restriction has been imposed there). The company must keep this in mind. This means your data will stay in a safe region and will not go to an unauthorized country.

These examples show that the new law gives rights to ordinary users and responsibilities to companies. If all these rules are followed, your data will be safer. If not, companies can face heavy penalties.

Key Rights of Users

Under the new DPDP Act you (the Data Principal) have some important rights. The main ones are explained below:

  • Access Right (right to know): You can find out which personal data points a company holds about you. On request you can obtain a summary of them and the list of agencies/companies with which the data has been shared.
  • Correction/Erasure (right to correct and delete): If there is an error in your data (such as a misspelt name or an outdated address), you can ask the company to correct it. You can also ask it to “delete my data” when that data is no longer needed. The company must do so if your request is valid.
  • Right to Withdraw Consent: You can withdraw your consent whenever you wish. That is, whatever data sharing you earlier agreed to, you can later say “please remove my consent and stop using my data.” The Data Fiduciary should stop processing your data promptly and within a reasonable time.
  • Grievance Redressal: If you believe your personal data has been misused or your rights violated, you can register a complaint through the data fiduciary (company). Companies must provide a complaint mechanism. You can also pursue judicial remedies.
  • Right to Nominate: In case the Data Principal dies or becomes incapacitated (such as through mental illness or disability), they can nominate someone else (such as a relative) in advance to exercise their rights. Your data rights will thus pass into responsible hands.

Using these rights you can control your personal data. The Act says data fiduciaries must inform you of these rights whenever they collect data from you.

Responsibilities of Companies and Penalties

The DPDP Act sets out certain regular obligations and consequences for companies (data fiduciaries):

  • Obligations (Responsibility): Before collecting data, a notice/prior intimation must be given stating the purpose, the type of data and your rights. Companies must apply reasonable security measures such as data encryption, secure servers, multi-factor authentication, access logs and backups. If companies use APIs or third parties, the same safeguards must apply to those processors as well. In the event of a data breach, the DPB and affected users must be informed. An SDF must appoint a DPO and carry out regular audits (internal audits, impact assessments). Systems must be maintained to track consent management. Also, if an officer or regulator asks for data (for sovereignty/security), companies must hand over that data.
  • Penalties (Fines): Most of the provisions so far carry very large fines if violated. As seen above:
    • Failure of data security: up to ₹250 crore.
    • Failure to give breach intimation: up to ₹200 crore.
    • Breaking the rules on children: ₹200 crore.
    • Failing SDF duties: ₹150 crore.
    • Any other violation: up to ₹50 crore.
    • (If a Data Principal fails in their duty: up to ₹10,000.)

Suppose a company hid a user's money or leaked credit card details; it would pay a penalty of up to ₹250 crore. If a company uses children's personal data in an unauthorized way to create ads, up to ₹200 crore can be imposed. All these fines are so large that they force companies to take security measures seriously.

  • Related Rules: There is no specific mandatory requirement for data localisation yet, but under the draft rules suggestions are expected from a committee that SDFs should not send their data outside India. A stricter policy on this may come in future. As for Consent Managers, companies must ensure that the platforms they choose are registered. Non-compliance with any of these can attract a penalty.

Together these guidelines will create an accountable data environment. If a company does not follow the law, the DPB can impose a heavy fine or issue a compliance order. Companies therefore need to start preparing their privacy framework now: secure infrastructure, a consent management system, an audit process and a grievance redressal setup.

In Simple Words

  • Your Data, Your Right: The new law says that your personal data is yours and you should have control over it. Whatever app or site you use must first tell you what data it is taking and why, and what rights you will have; and you can withdraw your consent at any time.
  • Transparency: Companies must now present their policies in clear and plain words. Hidden clauses or attempts at concealment are not allowed. If there is a data breach it must be disclosed promptly, not hidden. You should know whenever something is happening with your data.
  • Emphasis on Security: The law tells companies to “make every effort on your side to keep data safe”. For this they must maintain encryption, firewalls, audits and reasonable safety measures. If they are careless and a risk materialises, they will have to bear a very large fine.
  • Benefits of the New Law: As a user you now get rights: to view your data, correct it, have it deleted, and give or withhold consent. Anyone who breaks these rules will be penalised. This will motivate companies not to misuse your data.
  • Liability: If you obtain the benefit of a scheme on some service by giving false information, you can be fined up to ₹10,000. So the law applies to everyone: user or company, all must follow the rules.

In plain language, the new DPDP Act and Draft Rules are a framework that will keep your digital life secure and prevent companies from using your data more than necessary.

FAQs

Q1: What is the DPDP Act 2023 and when will it apply?
A1: The DPDP Act, 2023 is India's new digital data protection law. It was enacted after receiving the President's assent on 11 August 2023, but its implementation date has not yet been announced. The provisions will be enforced only once the Centre issues a notification. For now, work is under way on the draft rules (DPDP Rules 2025).

Q2: What is digital personal data?
A2: “Digital personal data” means any information about you that is in digital form and can be used to identify you, such as your name, email, mobile number, address, photo, financial information, location data, health records, behavioural information and so on. If data can identify a real person, it counts as personal data.

Q3: What must consent look like under the Act?
A3: Consent must be given in a free, specific, informed, unconditional and clear (unambiguous) manner. That is, you must say yes without being deceived, without being forced, and with full understanding. If an app does not actually ask and simply has a box checked, or asks in confusing words, that will not be treated as consent. For example, if a telemedicine app asks for your contacts along with your health data, that may be illegal because it is asking for unrelated data. You can withdraw consent at any time.

Q4: What rights do I have over my data?
A4: You have some key rights:

  • Access and Information: You can ask “which of my personal details do you hold?” and the company will give you a summary.
  • Correction/Update: If there is an error (such as a wrong mobile number), have it corrected.
  • Delete (erasure): If the purpose of the data is over, or you have withdrawn consent, you can request deletion of the data.
  • Withdrawing Consent: You can say “remove my consent” whenever you wish, and processing must stop.
  • Complaints: If you suspect data misuse, you can complain to the company or appeal through the DP Board.

These rights let you keep control over your data.

Q5: What happens if a company leaks data?
A5: If your data is leaked (cyber attack, hacking, etc.), the company must promptly notify the Data Protection Board and you (as an affected Data Principal). This notification must be given within 72 hours. If the company fails to do so, it can be fined up to ₹200 crore. The point of this rule is that you will learn in time if your data has been compromised.

Q6: Are there separate rules for children's data?
A6: Yes. If the person is a child (minor), companies must identify the parent or guardian and obtain their consent. The rules set out ways of asking for proof of parenthood. There are exceptions in some cases; for example, schools and doctors can track children for health/safety without extra consent. Children cannot be subjected to targeted ads or behavioural marketing (this is still to be finalised in the rules).

Q7: How large are the penalties? (The highest fine for a company)
A7: The DPDP Act sets very large penalties so that companies do not slip up. The highest is a fine of ₹250 crore if data security safeguards fail (that is, if your data suffers a serious breach). Other main penalties: ₹200 crore for breaking the breach notification or children's data rules, ₹150 crore for failing SDF obligations, and ₹50 crore for other violations. If a Data Principal gives false information, the penalty is only up to ₹10,000. These show that strict action will be taken against companies.

Important Rights & Penalties (Table)

| Provision/Scenario | Maximum Penalty (for the company) |
| Data Security Safeguards: an organisation fails to apply reasonable security measures (encryption, access control) and a data breach occurs. | Up to ₹250 crore |
| Breach Notification: the company did not inform the DP Board and affected users within 72 hours of a data breach. | Up to ₹200 crore |
| Children's Data Rules: children's personal data was used without following the consent rules or for targeted marketing. | Up to ₹200 crore |
| Significant Data Fiduciary Duties: large companies did not carry out required actions such as appointing a DPO or conducting audits/DPIA. | Up to ₹150 crore |
| Any Other Violation: violation of any other provision of the Act (catch-all category). | Up to ₹50 crore |
| Data Principal Misuse: the data subject also broke the rules and gave false information (e.g. for fraud). | Up to ₹10,000 |

Note: The fines above are for companies (Data Fiduciaries). They show how seriously the government takes data protection. Companies must invest in security and respect users' rights, or they may have to pay heavy fines.
