Objective
The DPDP Act does not contain a mandated transitional period akin to the two-year gap between the 2016 enactment of the GDPR and its entry into force in May 2018.
The Government is given the power to decide when different parts of the Act, including the section that governs the creation of the new Board, will become effective.
Currently, the DPDP Act does not limit the transfer of personal data from India to other countries. It assumes that transfers can happen without any restrictions, unless the Government imposes restrictions on certain countries (such as blacklisting) or introduces other forms of limitations (as mentioned in Section 16).
This is a significant departure from previous instances of the Act, which at one point contained data localization obligations (2018) and evolved at another point into “whitelisting“ of countries (2022).
It should also be noted that other existing sectoral laws (e.g., those governing specific industries like banking and telecommunications) already contain restrictions on cross-border transfers of particular kinds of data. The DPDP Act clarifies that the new law will not affect existing localization mandates.
The 19th country among the G20 members to pass a comprehensive personal data protection law – which it did during its tenure holding the G20 Presidency.
The law provides significant exceptions for the central government and other government bodies, the degree of exemption depending on their function (such as law enforcement).
The Act also empowers the central government to act upon a notification by the Board and request access to any information from an entity processing personal data.
Related Courses
Related Courses
.jpg)