The following document elaborates on how Endpoint Central can help enterprises achieve certain requirements of India's Digital Personal Data Protection Act.
The Constitution of India guarantees the right to privacy under Articles 14, 19, and 21, and the Supreme Court of India, in its landmark ruling K. S. Puttaswamy vs. Union of India, reaffirmed this in 2017. Since the GDPR came into force, the Indian government has been trying to enact a personal data protection law. After multiple iterations and suggestions, India finally passed the Digital Personal Data Protection Act (DPDPA) in Parliament on Aug. 9, 2023.
Before we take a deep dive into this act, here are some useful explanations for the terminologies it uses:
The individual to whom the data relates (e.g., you are the data principal if you provide your name, email address, and phone number for a dinner reservation)
An entity, such as a business, that intends to collect personal information for various purposes (e.g., if a restaurant is collecting your personal details for a dinner reservation, it becomes a data fiduciary)
An entity that processes personal data on behalf of a data fiduciary (e.g., a third-party app helping the restaurant enable the booking of dinner reservations)
The scope of the act extends throughout Indian territory and when physical data is digitized. The act also applies when data pertaining to Indians is processed outside of India.
The cross-border flow of personal data is restricted to countries notified by the Indian government. (Yet to be notified)
Personal data can be obtained and processed after receiving explicit consent from the data principal. In some legitimate cases, explicit consent is not required.
A business collects personal data for various purposes, thus assuming the role of data fiduciary. The act mandates that data fiduciaries:
Maintain the accuracy of the data.
Prevent data from getting breached.
Ensure the data is deleted once the purpose is met.
The data principal has the right to obtain more information and request erasure, correction, and redress for grievances.
This board will judge cases of noncompliance with the bill's provisions. The board's verdict can be counter-appealed before the Telecom Disputes Settlement and Appellate Tribunal (TDSAT).
The Indian government may classify a data fiduciary or a class of data fiduciaries as significant based on the:
Volume and sensitivity of the data it processes.
Risk of harm to the data principal.
Potential impact on the sovereignty and integrity of India.
Noncompliance will result in a penalty of up to 250 crores.
Ensuring data protection and thus the right to privacy for individuals without much disruption to the normal conduct of businesses
Ensuring ease of living for individuals
Enabling ease of doing business for enterprises
Enabling the thriving digital ecosystem in India
According to IBM's Cost of a Data Breach Report 2023, "the global average cost of a data breach in 2023 was USD 4.45 million, a 15% increase over three years." The report also mentions that around 51% of organizations plan to increase security investments, "including incident response (IR) planning and testing, employee training, and threat detection and response tools."
Personal data breaches are very sensitive because the right to privacy is a fundamental right in India. Besides costing your business financially and incuring hefty penalties, a personal data breach could ruin your company's reputation.
That is why you need Endpoint Central, the comprehensive endpoint management and security suite from ManageEngine. Bundled with multiple security features, Endpoint Central helps you keep your data safe and secure.
A powerful data leakage prevention capability that lets you detect and classify personally identifiable information (PII) and have complete control over how data flows in your IT environment by configuring policies on data transfers through cloud and peripheral devices
Geofencing to define the perimeter of your devices (and thus the data on them) within your office's premises
Remote wiping of data to ensure your data does not get leaked, even if the corporate device is lost
Patented ransomware protection that alerts you about unusual file movements and helps you create an unerasable data backup
A Data Protection Officer Dashboard capable of giving actionable insights on the vulnerability status of your endpoints, BitLocker-encrypted devices, endpoints nearing the end of life, user access controls, firewalls, and much more
Role-based access controls for your IT admins to prevent accidental data leakage
There is more to tell about how our solution can help you comply with India's DPDPA. That is why we encourage you to try it by downloading or signing up for our product, which is absolutely free for 30 days.
Digital Personal Data Protection Act 2023