What is DPDPA Chapter III (Rights of Data Principal)?

Chapter III of the Digital Personal Data Protection Act (DPDPA) outlines the fundamental rights granted to Data Principals (individuals whose data is processed). These rights form the backbone of individual data protection under Indian law and place corresponding obligations on Data Fiduciaries. The rights include the right to information about processing activities, the right to correction and erasure of personal data, the right to grievance redressal, and the right to nominate another person to exercise these rights in case of death or incapacity.

The right to information under Section 11 requires Data Fiduciaries to provide Data Principals with a summary of the personal data being processed and the processing activities. The right to correction and erasure under Section 12 allows Data Principals to request correction of inaccurate or misleading data, completion of incomplete data, updating of outdated data, and erasure of data that is no longer necessary for the purpose for which it was collected. The right to grievance redressal under Section 13 requires Data Fiduciaries to establish accessible mechanisms for addressing Data Principal complaints. Section 14 establishes the right of nomination, allowing Data Principals to designate someone to exercise their rights posthumously.

Organizations operating as Data Fiduciaries in India must implement processes to receive and respond to Data Principal requests efficiently. IQWorks facilitates this through SearchIQ for locating a Data Principal's information across systems, DiscoverIQ for maintaining comprehensive data inventories, and automated workflows through ComplyIQ for processing rights requests within regulatory timeframes.