Question 1

What is India's DPDPA and when does it apply?

Accepted Answer

The Digital Personal Data Protection Act 2023 introduces consent-based data processing, data fiduciary obligations, and significant penalties. Cleo tracks its phased implementation timeline.

Question 2

Does India require data localization?

Accepted Answer

The RBI mandates that all payment system data be stored exclusively in India. The DPDPA allows cross-border transfers to approved countries but the government can restrict transfers to specific nations. SEBI also requires certain financial data to remain in India. Cleo maps applicable localization requirements by sector.

Question 3

What are the penalties under India's DPDPA?

Accepted Answer

The DPDPA imposes penalties of up to INR 250 crore (approximately EUR 28 million) per violation. The Data Protection Board of India adjudicates complaints and can order compensation. Penalties apply to both data fiduciaries and data processors who fail to implement adequate security safeguards.

GDPR compliance in India

Enforcement authority

Maximum sanctions

Key obligations

Local context in India

GDPR by industry in India

Frequently asked questions

GDPR in other jurisdictions

Check your GDPR compliance now