{"id":299820,"date":"2023-08-22T15:00:26","date_gmt":"2023-08-22T09:30:26","guid":{"rendered":"https:\/\/www.scconline.com\/blog\/?p=299820"},"modified":"2023-09-04T17:41:58","modified_gmt":"2023-09-04T12:11:58","slug":"indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector","status":"publish","type":"post","link":"https:\/\/www.scconline.com\/blog\/post\/2023\/08\/22\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\/","title":{"rendered":"India&#8217;s Digital Personal Data Protection Act, 2023 \u2014 Impact on Hospitality Sector"},"content":{"rendered":"<style>\na:hover {<br \/>\n\tcolor: blue;<br \/>\n\tfont-weight: bold;<br \/>\n}<br \/>\n<\/style>\n<div style=\"text-align: justify; line-height: 150%;\">\n<p style=\"margin-bottom: 3%;\">The hospitality sector (encompassing restaurants, hotels, and other hospitality establishments) is no stranger to handling vast amounts of personal data. From guest information, employee data to transaction records, this sector deals with a plethora of sensitive information daily. With the implementation of the Digital Personal Data Protection Act, 2023 (DPDP Act) in India, the hospitality sector is presented with new challenges and opportunities for enhancing data protection practices. This article delves into how the hospitality sector can ensure compliance with the DPDP Act, considering its complex ownership structures and diverse data management systems.<\/p>\n<p style=\"margin-bottom: 3%;\">One of the unique challenges in the hospitality sector is its intricate ownership structure. Restaurants, hotels, and other establishments often involve franchisors, individual owners or groups of owners, operator\/management companies. Each entity may use separate systems to store and manage personal data, leading to the complex movement of information across these systems. This complexity can create vulnerabilities in terms of data protection.<\/p>\n<h4 style=\"background-image: linear-gradient(to left, #FFFFFF, #79a4d2);\">Data breach: A costly lesson<\/h4>\n<p style=\"margin-bottom: 3%;\">In its inaugural year, the European Union&#8217;s General Data Protection Regulation (<span style=\"font-weight: bold;\">GDPR<\/span>) recorded thousands of reported cases<a id=\"fnref2\" title=\"1. 1 Year GDPR \u2014 Taking Stock. Available at: https:\/\/edpb.europa.eu\/news\/news\/2019\/1-year-gdpr-taking-stock_en\" href=\"#fn2\"><sup>1<\/sup><\/a>, potentially subjecting companies to fines of up to \u20ac20 million or 4% of total worldwide annual turnover of the preceding financial year, whichever is higher.<\/p>\n<p style=\"margin-bottom: 3%;\">An exemplary instance involves a prominent international hotel chain, which faced grave repercussions due to a data breach originating in 2014 but only detected in 2018. The breach compromised sensitive information, like credit card details and passport numbers, of over 300 million guests stored within the global guest reservation database of a brand acquired by this hotel chain.<\/p>\n<p style=\"margin-bottom: 3%;\">This incident ranks among the largest data breaches in history, serving as a vivid reminder of the hospitality sector&#8217;s susceptibility to risks. It underscores the criticality of data protection in this sector. To avert such consequences within the Indian hospitality landscape, businesses must proactively shield personal data from unauthorised access, usage, disclosure, and destruction by adhering to the provisions of the DPDP Act, the <a href=\"https:\/\/www.scconline.com\/DocumentLink.aspx?q=JTXT-0002796572\" target=\"_blank\" rel=\"noopener\">Information Technology Act, 2000<\/a>, along with its rules and regulations, as well as follow directives from the Indian Computer Emergency Response Team (CERT-In) regarding &#8220;cybersecurity incidents&#8221; reporting obligations.<\/p>\n<h4 style=\"background-image: linear-gradient(to left, #FFFFFF, #79a4d2);\">Applying the DPDP Act to the hospitality sector<\/h4>\n<p style=\"margin-bottom: 3%;\">The DPDP Act brings a significant shift in how personal data is managed and processed in India. Key features of the legislation, such as itemised notice, informed consent, purpose limitation, data processing principles, and rights of data principals<a id=\"fnref3\" title=\"2. The term \u201cdata principal\u201d is defined under the DPDP Act as \u201cthe individual to whom the personal data relates and where such individual is\u2014 (i) a child, includes the parents or lawful guardian of such a child; (ii) a person with disability, includes her lawful guardian, acting on her behalf\u201d.\" href=\"#fn3\"><sup>2<\/sup><\/a> (akin to \u201cdata subjects\u201d), impact every sector, including the hospitality sector. Given the DPDP Act&#8217;s prioritisation of itemised notice and consent as the fundamental foundation for data processing, enterprises within the hospitality sector must ensure the transparency of their data collection and processing methods. It is imperative that guests, employees of any other entity from whom personal data is collected (information providers), are provided with comprehensive information regarding the utilisation of their data.<\/p>\n<p style=\"margin-bottom: 3%;\">While many global hospitality businesses adhere to data protection laws like GDPR, this alone may not fully address handling Indian data principals&#8217; personal data. Notable differences between GDPR and the DPDP Act warrant a separate review of practices to ensure compliance with the latter.<\/p>\n<p>There are several challenges posed by complex ownership structures and data management, owing to which businesses in the hospitality sector need to take a holistic approach to data privacy compliance. This includes:<\/p>\n<ul style=\"list-style-type: disc;\">\n<li><i>Fiduciary versus processors<\/i>: The DPDP Act recognises data fiduciaries<a id=\"fnref4\" title=\"3. The term \u201cdata fiduciary\u201d is defined under the DPDP Act as \u201d any person who alone or in conjunction with other persons determines the purpose and means of processing of personal data\u201d.\" href=\"#fn4\"><sup>3<\/sup><\/a> (akin to \u201cdata controllers\u201d) and processors<a id=\"fnref5\" title=\"4. The term \u201cdata processor\u201d is defined under the DPDP Act \u201cas any person who processes personal data on behalf of a data fiduciary\u201d.\" href=\"#fn5\"><sup>4<\/sup><\/a>. Data fiduciaries bear liability for DPDP Act compliance, including in case of processing carried out by data processors on their behalf. In complex ownership scenarios, such as in hospitality, where ownership and operation entities differ, the entity determining processing purpose might not be the one executing it, necessitating clear responsibilities and agreements. Therefore, demarcating data fiduciaries and data processors within the structure and ensuring their DPDP Act compliance, especially through robust data protection agreements between such entities is vital.<\/li>\n<li><i>Extraterritorial applicability<\/i>: The DPDP Act has limited extraterritorial applicability and will extend to processing of digital personal data outside India, if such processing is in connection with an activity related to offering of goods or services to data principals within India.<\/li>\n<li><i>Privacy policies<\/i>: Given the interconnected nature of data flow within the hospitality sector, it is essential to establish privacy policies that all entities within the ownership structure adhere to. This ensures consistency in data handling practices and helps in complying with the new legislation&#8217;s transparency requirements.<\/li>\n<li><span style=\"font-style: italic;\">Data mapping and audit<\/span>: Businesses are required to conduct a thorough data mapping exercise to identify all touchpoints where personal data is collected, processed, and transferred. Regular data audits can help identify potential gaps in compliance and improve data protection measures. In fact, the DPDP Act mandates undertaking of data protection impact assessments for a certain class of data fiduciaries denoted as significant data fiduciaries.<\/li>\n<li><i>Notice and consent mechanisms<\/i>: Businesses are required to implement clear and comprehensive notice and consent mechanisms as per the DPDP Act that provide information providers with a detailed understanding of how their data will be used. Consent should be freely given, specific, and informed, aligning with the DPDP Act&#8217;s requirements. Once consent is obtained for processing personal data for a specific purpose, businesses need to ensure that the same is not used for any other purpose. For instance, a leading hospitality business in France-faced penalties due to GDPR violations. Their pre-checked consent box for newsletters was deemed invalid, and sending newsletters with unrelated services (for e.g., offers from third-party partners) not limited to services \u201canalogue\u201d to those already provided for the mentioned customers (hotel services) breached consent principles. This highlights the importance of accurate consent collection and purpose limitation.<\/li>\n<li><i>Children&#8217;s data<\/i>: Guests also include individuals under 18 years and in such cases, businesses need to ensure that secure \u201cverifiable consent\u201d from parents or lawful guardians prior to data processing is obtained. Processing data that might harm a child&#8217;s well-being is prohibited. Additionally, businesses need to refrain from tracking children&#8217;s behaviour or directing targeted ads at them as per the DPDP Act.<\/li>\n<li><i>Data security measures<\/i>: With the DPDP Act&#8217;s emphasis on data security, hospitality establishments must implement robust technical and organisational measures to safeguard guest information. Encryption, access controls, and regular security assessments are crucial to prevent data breaches. Businesses will also have to inform each affected individual in case of a personal data breach. Notably another leading hotel chain has been fined in the past inter alia for not disclosing information about breaches by the New York Attorney General.<\/li>\n<li><i>Rights of data principals<\/i>: The DPDP Act grants data principals&#8217; various rights, including right of grievance redressal, right of access, correction, updating and erasure of their personal data. The DPDP Act has also introduced the novel concept of \u201cconsent managers\u201d who will be persons acting as a single point of contact to enable data principals to give, manage, review, and withdraw their consent through an accessible, transparent and interoperable platform. Hospitality businesses must establish efficient processes to address information providers&#8217; requests related to these rights and liaise with such consent managers.<\/li>\n<li>\n<p style=\"margin-bottom: 3%;\"><i>Cross-border data transfer<\/i>: In the global hospitality sector, data often moves across borders. The DPDP Act allows this, except to government restricted territories. Businesses should prepare to relocate data from potential blacklisted territories and cease transfers there. If another law provides stronger data protection or transfer limits than the DPDP Act, it takes precedence. This applies notably to payment systems data, where regulations like the Reserve Bank of India&#8217;s data localisation mandate will supersede the DPDP Act.<\/p>\n<\/li>\n<\/ul>\n<p style=\"margin-bottom: 3%;\">The DPDP Act imposes substantial responsibilities on data fiduciaries in the hospitality sector. Businesses must proactively adopt appropriate technical and organisational measures to uphold data principal rights, ensuring compliance and avoiding significant penalties. Data protection is a shared responsibility and therefore all employees, trainees, etc. from frontline staff to management, must be wellversed in the DPDP Act&#8217;s provisions and the organisation&#8217;s policies. While the forthcoming rules under the DPDP Act will provide more guidance, current provisions emphasise the need for swift comprehension and alignment through thorough process review and decisive actions. With no specified transition period, organisations must begin preparations promptly.<\/p>\n<hr \/>\n<\/div>\n<p style=\"margin-left: 18pt; text-indent: -18pt;\"><strong><span style=\"color: #000080;\"> \u2020 Partner, Khaitan &amp; Co.<\/span><\/strong><\/p>\n<p style=\"margin-left: 18pt; text-indent: -18pt;\"><strong><span style=\"color: #000080;\"> \u2020\u2020 Associate, Khaitan &amp; Co.<\/span><\/strong><\/p>\n<p style=\"margin-left: 18pt; text-indent: -18pt;\"><a id=\"fn2\" href=\"#fnref2\">1.<\/a> <a href=\"https:\/\/edpb.europa.eu\/news\/news\/2019\/1-year-gdpr-taking-stock_en\" target=\"_blank\" rel=\"noopener\">1 Year GDPR \u2014 Taking Stock.<\/a> Available at: <a href=\"https:\/\/edpb.europa.eu\/news\/news\/2019\/1-year-gdpr-taking-stock_en\" target=\"_blank\" rel=\"noopener\">https:\/\/edpb.europa.eu\/news\/news\/2019\/1-year-gdpr-taking-stock_en<\/a><\/p>\n<p style=\"margin-left: 18pt; text-indent: -18pt;\"><a id=\"fn3\" href=\"#fnref3\">2.<\/a> The term \u201cdata principal\u201d is defined under the DPDP Act as \u201cthe individual to whom the personal data relates and where such individual is\u2014 (<i>i<\/i>) a child, includes the parents or lawful guardian of such a child; (<i>ii<\/i>) a person with disability, includes her lawful guardian, acting on her behalf\u201d.<\/p>\n<p style=\"margin-left: 18pt; text-indent: -18pt;\"><a id=\"fn4\" href=\"#fnref4\">3.<\/a> The term \u201cdata fiduciary\u201d is defined under the DPDP Act as \u201d any person who alone or in conjunction with other persons determines the purpose and means of processing of personal data\u201d.<\/p>\n<p style=\"margin-left: 18pt; text-indent: -18pt;\"><a id=\"fn5\" href=\"#fnref5\">4.<\/a> The term \u201cdata processor\u201d is defined under the DPDP Act \u201cas any person who processes personal data on behalf of a data fiduciary\u201d.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>by Supratim Chakraborty\u2020 and Himeli Chatterjee\u2020\u2020<br \/>\nCite as: 2023 SCC OnLine Blog Exp 68<\/p>\n","protected":false},"author":8808,"featured_media":299827,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[20271,47404],"tags":[16161,31903,60240,46260],"class_list":["post-299820","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-experts_corner","category-khaitan-co","tag-data-protection","tag-data-protection-laws","tag-digital-personal-data-protection-act-2023","tag-experts-corner"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.4 (Yoast SEO v27.4) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>India&#039;s Digital Personal Data Protection Act, 2023 \u2014 Impact on Hospitality Sector | SCC Times<\/title>\n<meta name=\"description\" content=\"The hospitality sector (encompassing restaurants, hotels, and other hospitality establishments) is no stranger to handling vast amounts\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.scconline.com\/blog\/post\/2023\/08\/22\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"India&#039;s Digital Personal Data Protection Act, 2023 \u2014 Impact on Hospitality Sector\" \/>\n<meta property=\"og:description\" content=\"The hospitality sector (encompassing restaurants, hotels, and other hospitality establishments) is no stranger to handling vast amounts\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.scconline.com\/blog\/post\/2023\/08\/22\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\/\" \/>\n<meta property=\"og:site_name\" content=\"SCC Times\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/scc.online\/\" \/>\n<meta property=\"article:published_time\" content=\"2023-08-22T09:30:26+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-09-04T12:11:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2023\/08\/india-digital-personal-data-protection-act-2023.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"886\" \/>\n\t<meta property=\"og:image:height\" content=\"590\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Bhumika Indulia\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"India&#039;s Digital Personal Data Protection Act, 2023 \u2014 Impact on Hospitality Sector\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Bhumika Indulia\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/post\\\/2023\\\/08\\\/22\\\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/post\\\/2023\\\/08\\\/22\\\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\\\/\"},\"author\":{\"name\":\"Bhumika Indulia\",\"@id\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/#\\\/schema\\\/person\\\/919ec47cc1b871b362af05740398033a\"},\"headline\":\"India&#8217;s Digital Personal Data Protection Act, 2023 \u2014 Impact on Hospitality Sector\",\"datePublished\":\"2023-08-22T09:30:26+00:00\",\"dateModified\":\"2023-09-04T12:11:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/post\\\/2023\\\/08\\\/22\\\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\\\/\"},\"wordCount\":1484,\"commentCount\":3,\"image\":{\"@id\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/post\\\/2023\\\/08\\\/22\\\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/india-digital-personal-data-protection-act-2023.webp\",\"keywords\":[\"Data Protection\",\"Data Protection Laws\",\"digital personal data protection act 2023\",\"Experts Corner\"],\"articleSection\":[\"Experts Corner\",\"Khaitan &amp; Co\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.scconline.com\\\/blog\\\/post\\\/2023\\\/08\\\/22\\\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/post\\\/2023\\\/08\\\/22\\\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\\\/\",\"url\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/post\\\/2023\\\/08\\\/22\\\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\\\/\",\"name\":\"India's Digital Personal Data Protection Act, 2023 \u2014 Impact on Hospitality Sector | SCC Times\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/post\\\/2023\\\/08\\\/22\\\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/post\\\/2023\\\/08\\\/22\\\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/india-digital-personal-data-protection-act-2023.webp\",\"datePublished\":\"2023-08-22T09:30:26+00:00\",\"dateModified\":\"2023-09-04T12:11:58+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/#\\\/schema\\\/person\\\/919ec47cc1b871b362af05740398033a\"},\"description\":\"The hospitality sector (encompassing restaurants, hotels, and other hospitality establishments) is no stranger to handling vast amounts\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/post\\\/2023\\\/08\\\/22\\\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.scconline.com\\\/blog\\\/post\\\/2023\\\/08\\\/22\\\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/post\\\/2023\\\/08\\\/22\\\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/india-digital-personal-data-protection-act-2023.webp\",\"contentUrl\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/india-digital-personal-data-protection-act-2023.webp\",\"width\":886,\"height\":590,\"caption\":\"india digital personal data protection act 2023\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/post\\\/2023\\\/08\\\/22\\\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"India&#8217;s Digital Personal Data Protection Act, 2023 \u2014 Impact on Hospitality Sector\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/\",\"name\":\"SCC Times\",\"description\":\"Bringing you the Best Analytical Legal News\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/#\\\/schema\\\/person\\\/919ec47cc1b871b362af05740398033a\",\"name\":\"Bhumika Indulia\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/84c1b51748d0297cf12e5a898eccb7bd3eb5f0ab4ae8e275e2e65c4c83f84740?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/84c1b51748d0297cf12e5a898eccb7bd3eb5f0ab4ae8e275e2e65c4c83f84740?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/84c1b51748d0297cf12e5a898eccb7bd3eb5f0ab4ae8e275e2e65c4c83f84740?s=96&d=mm&r=g\",\"caption\":\"Bhumika Indulia\"},\"url\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/post\\\/author\\\/editor_1\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"India's Digital Personal Data Protection Act, 2023 \u2014 Impact on Hospitality Sector | SCC Times","description":"The hospitality sector (encompassing restaurants, hotels, and other hospitality establishments) is no stranger to handling vast amounts","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.scconline.com\/blog\/post\/2023\/08\/22\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\/","og_locale":"en_US","og_type":"article","og_title":"India's Digital Personal Data Protection Act, 2023 \u2014 Impact on Hospitality Sector","og_description":"The hospitality sector (encompassing restaurants, hotels, and other hospitality establishments) is no stranger to handling vast amounts","og_url":"https:\/\/www.scconline.com\/blog\/post\/2023\/08\/22\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\/","og_site_name":"SCC Times","article_publisher":"https:\/\/www.facebook.com\/scc.online\/","article_published_time":"2023-08-22T09:30:26+00:00","article_modified_time":"2023-09-04T12:11:58+00:00","og_image":[{"width":886,"height":590,"url":"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2023\/08\/india-digital-personal-data-protection-act-2023.jpg","type":"image\/jpeg"}],"author":"Bhumika Indulia","twitter_card":"summary_large_image","twitter_title":"India's Digital Personal Data Protection Act, 2023 \u2014 Impact on Hospitality Sector","twitter_misc":{"Written by":"Bhumika Indulia","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.scconline.com\/blog\/post\/2023\/08\/22\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\/#article","isPartOf":{"@id":"https:\/\/www.scconline.com\/blog\/post\/2023\/08\/22\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\/"},"author":{"name":"Bhumika Indulia","@id":"https:\/\/www.scconline.com\/blog\/#\/schema\/person\/919ec47cc1b871b362af05740398033a"},"headline":"India&#8217;s Digital Personal Data Protection Act, 2023 \u2014 Impact on Hospitality Sector","datePublished":"2023-08-22T09:30:26+00:00","dateModified":"2023-09-04T12:11:58+00:00","mainEntityOfPage":{"@id":"https:\/\/www.scconline.com\/blog\/post\/2023\/08\/22\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\/"},"wordCount":1484,"commentCount":3,"image":{"@id":"https:\/\/www.scconline.com\/blog\/post\/2023\/08\/22\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\/#primaryimage"},"thumbnailUrl":"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2023\/08\/india-digital-personal-data-protection-act-2023.webp","keywords":["Data Protection","Data Protection Laws","digital personal data protection act 2023","Experts Corner"],"articleSection":["Experts Corner","Khaitan &amp; Co"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.scconline.com\/blog\/post\/2023\/08\/22\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.scconline.com\/blog\/post\/2023\/08\/22\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\/","url":"https:\/\/www.scconline.com\/blog\/post\/2023\/08\/22\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\/","name":"India's Digital Personal Data Protection Act, 2023 \u2014 Impact on Hospitality Sector | SCC Times","isPartOf":{"@id":"https:\/\/www.scconline.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.scconline.com\/blog\/post\/2023\/08\/22\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\/#primaryimage"},"image":{"@id":"https:\/\/www.scconline.com\/blog\/post\/2023\/08\/22\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\/#primaryimage"},"thumbnailUrl":"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2023\/08\/india-digital-personal-data-protection-act-2023.webp","datePublished":"2023-08-22T09:30:26+00:00","dateModified":"2023-09-04T12:11:58+00:00","author":{"@id":"https:\/\/www.scconline.com\/blog\/#\/schema\/person\/919ec47cc1b871b362af05740398033a"},"description":"The hospitality sector (encompassing restaurants, hotels, and other hospitality establishments) is no stranger to handling vast amounts","breadcrumb":{"@id":"https:\/\/www.scconline.com\/blog\/post\/2023\/08\/22\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.scconline.com\/blog\/post\/2023\/08\/22\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.scconline.com\/blog\/post\/2023\/08\/22\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\/#primaryimage","url":"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2023\/08\/india-digital-personal-data-protection-act-2023.webp","contentUrl":"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2023\/08\/india-digital-personal-data-protection-act-2023.webp","width":886,"height":590,"caption":"india digital personal data protection act 2023"},{"@type":"BreadcrumbList","@id":"https:\/\/www.scconline.com\/blog\/post\/2023\/08\/22\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.scconline.com\/blog\/"},{"@type":"ListItem","position":2,"name":"India&#8217;s Digital Personal Data Protection Act, 2023 \u2014 Impact on Hospitality Sector"}]},{"@type":"WebSite","@id":"https:\/\/www.scconline.com\/blog\/#website","url":"https:\/\/www.scconline.com\/blog\/","name":"SCC Times","description":"Bringing you the Best Analytical Legal News","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.scconline.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.scconline.com\/blog\/#\/schema\/person\/919ec47cc1b871b362af05740398033a","name":"Bhumika Indulia","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/84c1b51748d0297cf12e5a898eccb7bd3eb5f0ab4ae8e275e2e65c4c83f84740?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/84c1b51748d0297cf12e5a898eccb7bd3eb5f0ab4ae8e275e2e65c4c83f84740?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/84c1b51748d0297cf12e5a898eccb7bd3eb5f0ab4ae8e275e2e65c4c83f84740?s=96&d=mm&r=g","caption":"Bhumika Indulia"},"url":"https:\/\/www.scconline.com\/blog\/post\/author\/editor_1\/"}]}},"jetpack_featured_media_url":"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2023\/08\/india-digital-personal-data-protection-act-2023.webp","jetpack_sharing_enabled":true,"jetpack-related-posts":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/posts\/299820","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/users\/8808"}],"replies":[{"embeddable":true,"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/comments?post=299820"}],"version-history":[{"count":0,"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/posts\/299820\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/media\/299827"}],"wp:attachment":[{"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/media?parent=299820"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/categories?post=299820"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/tags?post=299820"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}