The Digital Personal Data Protection Bill (DPDPB) 2022 is a draft bill published by the Ministry of Electronics and Information Technology in November 2022, which aims to govern the privacy and protection of digitalized data in India. It draws inspiration from the European Union’s General Data Protection Regulation (GDPR) and aims to provide for the processing of digital personal data while recognizing both the right of individuals to protect their data and the need to process personal data for lawful purposes. In this blog, we will explore what the DPDPB is and how it differs from the GDPR.
The Digital Personal Data Protection Bill (DPDPB) applies to personal data, including digitalized personal data, but has no classifications for sensitive data. In contrast, the GDPR includes special categories of data, also referred to as sensitive data, which include racial or ethnic origin, genetic data, biometric data, etc. Another difference is that the DPDPB applies only to digitalized data and not to offline data, while the GDPR applies to all forms of records, including digital and paper records.
In terms of territorial scope, the DPDPB applies to the processing of digital personal data of individuals within the territory of India, where such data is collected from data principals online, and when personal data is collected offline and digitized. On the other hand, the GDPR applies to individuals who are residents of the European Union and to organizations that are established in the EU or use equipment in the EU to process data.
Both the DPDPB and the GDPR have extraterritorial applicability. The DPDPB applies to the processing of digital personal data outside the territory of India when such processing relates to any profiling of, or offering of goods or services to, data principals located within the territory of India. Similarly, the GDPR applies to businesses based outside the EU that process data of data subjects in the EU in connection with the offering of goods or services or the monitoring of the behavior of individuals in the EU. It also applies to the processing of personal data by a controller not established in the Union but in a place where Member State law applies under public international law.
Organizations that collect the data of data subjects should be aware of the extraterritorial scope of these regulations, as they are obliged to inform data subjects of the purpose for which data is used, to maintain transparency and lawfulness in collecting data, and to obtain freely given consent from data subjects.
About Concur – Harmonizing Data Compliance
Concur is a technology company that provides a suite of enterprise solutions to help organizations manage their data compliance and other business operations. Our solutions include consent management, digital policy management, legacy customer notice guidelines, data principal rights solutions, and more. With a focus on innovation and the use of blockchain technology, Concur helps enterprises stay compliant with various regulations such as the DPDPB, while streamlining their operations and enhancing overall efficiency. Additionally, we offer dedicated support through our Support Center to ensure customers have the assistance they need to achieve their compliance goals.