India’s new Digital Personal Data Protection (DPDP) Act 2023 is changing the way businesses handle personal information. It is designed to give people more control over their data, and it has important implications for retailers.
Key Provisions of the DPDP Act
1. Consent Management
Businesses must get clear and informed permission from customers before collecting or using their personal data. This means having systems in place to manage and record consent properly, ensuring compliance and building trust.
2. Consumer Rights
The DPDP Act gives consumers several important rights:
- Right to Access: See what personal data a business holds.
- Right to Correct: Fix any mistakes in their data.
- Right to Delete: Ask for their data to be removed.
- Right to Withdraw Consent: Stop data processing at any time.
- Right to Complain: Raise issues if they feel their data is misused.
Businesses need clear processes to handle these requests efficiently.
3. Responsibilities of Businesses
Companies that decide how and why data is used are called Data Fiduciaries. They must keep data safe with proper security measures and are responsible if there’s a data breach.
4. Protecting Children’s Data
Special rules apply when handling children’s data. Businesses must get verified parental consent and cannot target children with ads or track their online behavior.
5. Grievance Redressal
Businesses must have a system to handle data-related complaints quickly. This may include appointing a Data Protection Officer or Consent Manager to manage issues.
What This Means for Retailers
- Collecting Data at Checkout
Retailers can no longer force customers to share personal information, like phone numbers, in public spaces such as billing counters.
- Stronger Data Systems
Secure storage and encryption of customer data is now essential. Regular audits and strong vendor contracts are important.
- Vendor Accountability
Retailers are responsible for ensuring that any third-party vendors handling data also follow the rules.
- Collect Only What’s Needed
The Act encourages businesses to collect only the data necessary for a specific purpose and keep it only as long as required.
- Penalties for Non-Compliance
Ignoring the rules can be costly, with fines of up to ₹250 crore for serious violations.