The landscape of data protection is continuously evolving, and understanding the various laws that govern personal data is crucial for businesses and individuals alike. In this blog, we delve into the intricacies of the General Data Protection Regulation (GDPR) in the European Union and the Data Protection and Digital Personal Data Protection Act (DPDPA) in India, highlighting their territorial and subject-matter scopes.
Territorial Scope:
GDPR | DPDPA |
The DPDPA, focusing on India, applies to: Digital personal data processed within Indian territory. Data processing outside India if it’s linked to offering goods or services in India. However, it exempts offshore entities in specific circumstances, such as when processing is done on behalf of a foreign data fiduciary, and only relates to foreign data principals. | The DPDPA, focusing on India, applies to: Digital personal data processed within Indian territory. Data processing outside India if it’s linked to offering goods or services in India. However, it exempts offshore entities in specific circumstances, such as when processing is done on behalf of a foreign data fiduciary and only relates to foreign data principals. |
GDPR | DPDPA |
The GDPR is applicable to: All forms of personal data. Both automated and non-automated processing if the data is part of a filing system. However, it excludes anonymous data, personal data used for personal/household purposes, and processing by law enforcement and national security agencies. | The DPDPA covers: Both automated and non-automated processing of digital and non-digital personal data, including data that is later digitized. Exclusions are similar to the GDPR, with additional exemptions for legal enforcement, judicial functions, and certain business activities like mergers and acquisitions. |
GDPR | DPDPA |
Personal data is defined as any information related to an identified or identifiable natural person, known as the data subject. This includes data that allows direct or indirect identification of the person, considering all means reasonably likely to be used. | Personal data under the DPDPA refers to any information about a natural person that makes the individual identifiable, either by or in relation to that data. |
GDPR | DPDPA |
GDPR distinguishes “special categories of personal data,” which encompass: Racial or ethnic origin. Political opinions, religion, or philosophical beliefs. Trade union membership. Genetic and biometric data for unique identification. Health information. Data concerning sex life or sexual orientation. Data related to criminal convictions and offenses, while not in this special category, is governed by specific EU or member state laws. | In contrast, the DPDPA does not differentiate between personal data and sensitive personal data. All personal data is treated uniformly without separate classification. |
GDPR | DPDPA |
Controller: Determines the purposes and means of processing personal data. Processor: Processes personal data on behalf of the controller. Data Subject: The individual whose personal data is processed. | Data Fiduciary: Determines the processing means and purposes of personal data. Data Processor: Processes data on behalf of the data fiduciary. Data Principal: The person to whom the data relates. This includes children and persons with disabilities, represented by parents or legal guardians. Consent Manager: Facilitates data principals in managing their consent. Significant Data Fiduciaries: Identified by the government based on various factors, these fiduciaries have additional obligations. |
The Digital Personal Data Protection Act (DPDPA), 2023, represents a major step forward in India's…
The concept of Protected Health Information (PHI) has gained significant importance in the modern digital…
The growing number of digital tools such as mobile phones, the Internet, e-commerce, and social…
Regulatory bodies are important for determining the path of banking in an evolving financial environment.…
In today's digital world, our personal information is incredibly valuable. It shapes our online experiences,…
The recent implementation of the Digital Personal Data Protection Act (DPDPA) has ushered in a…