To print this article, all you need is to be registered or login on Mondaq.com.
Recognizing the need to protect privacy rights of the
individuals (“Data Principal”), the Digital Personal Data
Protection Act, 2023 (DPDPA) provides the Data Principals with the
following rights: (i) right to obtain information on personal data
processing by the Data Fiduciary; (ii) right to correct, update or
erase her personal data; (iii) right to nominate someone else in
the event of her death or incapacity to exercise her rights; and
(iv) right to withdraw consent.
Besides the rights, the Data Principals may also have other
grievances related to Data Fiduciary’s performance of its
obligations under the DPDPA.
DPDPA, in consideration of the above purposes, mandates the
establishment of a mechanism by a Data Fiduciary to redress the
grievances of Data Principals and to enable them to exercise their
rights.
Whether the Data Protection Officer (DPO) can be the go-to
person for the grievance redressal mechanism, or should there be a
separate grievance officer? Where the Data Fiduciary is a
significant data fiduciary under the DPDPA, the Data Protection
Officer should be the point of contact for the grievance redressal
mechanism.
In case of non-significant data fiduciary, there would be no
obligation for the Data Fiduciary to appoint a DPO, which negates
the need to have the DPO as the point of contact for grievance
redressal mechanism.
That said, in lieu of the DPO, DPDPA requires such data
fiduciary to publish the contact details of the person who can (i)
communicate with the Data Principals to assist with their rights;
and (ii) handle the queries of Data Principals on processing of
their personal data by Data Fiduciary and assist with the rights
under the DPDPA (Privacy Officer).
DPDPA clarifies that DPO should be based in India as a
representative of a significant data fiduciary and be an individual
responsible to its Board of Directors or similar governing body.
DPDPA, however, does not specify similar requirements for a Privacy
Officer.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
POPULAR ARTICLES ON: Privacy from India
#Grievance #Redressal #Mechanism #Data #Protection #Officer #DPDPA #Privacy #Protection
