-
Know your data
- Map all data sources across forms, APIs, logs, and tools.
- Track the flow of data from its origin to storage and how it is accessed and shared.
-
Minimize and retain data intelligently
- Ensure systems collect and retain only the necessary data.
- Automate deletion or anonymization workflows once the retention period expires.
-
Protect user rights
- Build workflows for data access, correction, and deletion.
- Verify identities and log every request related to data access and management.
-
Ensure default security measures are periodically verified
- Always encrypt data, including while it is in transit or at rest.
- Enforce role-based access controls and least privilege access to data.
- Conduct regular vulnerability assessments and penetration tests.
-
Manage third-party risks
- Ensure all vendors handling personal data align with DPDPA requirements.
- Implement encryption, access restrictions, and the segmentation of shared datasets.
- Enforce periodic audits and SLAs.
-
Be prepared to respond to breaches
- Maintain a clear incident response plan with clear roles, escalation paths, and decision timelines.
- Enable rapid impact assessments and notifications during a breach.
-
Prove compliance
- Keep logs on access, consent, deletion, breaches, data sharing, and more.
- Maintain audit-ready systems.
-
Train and report
- Conduct periodic training on secure data handling and privacy obligations.
- Perform internal audits across teams.
- Inform leadership of privacy and data protection risks.