{"id":351642,"date":"2025-06-27T09:00:54","date_gmt":"2025-06-27T03:30:54","guid":{"rendered":"https:\/\/www.scconline.com\/blog\/?p=351642"},"modified":"2025-06-26T19:47:37","modified_gmt":"2025-06-26T14:17:37","slug":"data-deletion-a-key-compliance-under-the-digital-personal-data-protection-act-2023","status":"publish","type":"post","link":"https:\/\/www.scconline.com\/blog\/post\/2025\/06\/27\/data-deletion-a-key-compliance-under-the-digital-personal-data-protection-act-2023\/","title":{"rendered":"Data Deletion — A Key Compliance under the Digital Personal Data Protection Act, 2023"},"content":{"rendered":"
\n

Introduction<\/h2>\n

The phrase \u201cdata is the new oil\u201d has created a misconception that all pieces of data have value and so it should be stored. Thinking that there is value in data, all types of data collecting entities such as individuals, companies, government departments and professionals, etc. are in the habit of storing data indefinitely, beyond their regulatory obligations or operational needs, leading to data bloating. There are three primary reasons why they become data bloated: (i<\/span>) the fondness to accumulate; (ii<\/span>) the inertia to throw things; and (iii<\/span>) procrastination. Humans have had a hoarder’s mentality to store all types of digital data coupled with indolence, this has resulted worldwide data to reach an astounding 175 zettabytes as per the International Data Corporation (IDC’s) Report1<\/sup><\/a>. A zettabyte is equal to a trillion gigabytes. Just to understand the magnitude, as per David Reinsel (Sr. VP of IDC)2<\/sup><\/a> if 175 zettabytes data were put in discs, then we would have a stack of discs that could get us to the moon 23 times.<\/p>\n

Data retention and absence of maximum period of retention in India<\/h2>\n

Maintaining data records as a legal requirement has existed for quite some time in India. Many Indian laws contain provisions with expressions such as \u201cmaintenance of record\u201d or \u201cpreservation of register\u201d, which mandate retention of data. Retention of data is a pan-sectoral practice, from the Minimum Wages Act, 1948<\/a>3<\/sup><\/a> to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021<\/a>4<\/sup><\/a>, an entity is required to retain a data for a minimum time-frame, however, such laws and rules are usually silent on the maximum time-frame for retention of data and the consequences of indefinite retention, etc.<\/p>\n

Regulations such as the New Drugs and Clinical Trials Rules, 20195<\/sup><\/a> require biotech companies to retain all data, records related to such bioavailability or bioequivalence study for a period of 5 years; the Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 20026<\/sup><\/a> mandate medical doctors to maintain medical record of patients for 3 years. Such data retention regulations were usually designed in absence of concerns regarding privacy aspects of the individuals concerned, which led to data being stored indefinitely.<\/p>\n

What the\u00a0Digital Personal Data Protection Act, 2023<\/a>\u00a0has to say about data retention?<\/h2>\n

The Digital Personal Data Protection Act, 2023<\/a> (DPDPA)7<\/sup><\/a> which is India’s novel privacy law, regulates processing of digital personal data and prescribes data protection rights of data principals.8<\/sup><\/a> It applies homogenously to all entities which process9<\/sup><\/a> personal data, including storing such data. The DPDPA like the global privacy laws such as General Data Protection Regulations (GDPR)10<\/sup><\/a> in Europe or the Health Insurance Portability and Accountability Act, 1996 (HIPAA)11<\/sup><\/a> in USA imbibe the principals of storage limitation12<\/sup><\/a> and data minimisation.13<\/sup><\/a> These principles pose a duty on the data processing entity (or the data fiduciary14<\/sup><\/a>) to collect only minimum amount of personal data which is required to deliver the service and erase such personal data when all purposes relating to its existence is discharged. Many entities are already retaining data as per the requirement of their sectoral regulations. Usually such data sets also have \u201cpersonal data\u201d component such as name, age, contact details embedded, which brings it within the purview of the DPDPA and the data erasure compliances enshrined in it. Since the DPDPA’s objective and legal framework relating to privacy is entirely new with no direct predecessor, a lack of continuity or lineage from an already existing Indian law, the unheard data erasure mandate of the DPDPA will pose a challenge for all entities.<\/p>\n

Data slimming for companies, an inescapable task for future<\/h2>\n

Entities have been used to storing excess data due to the ease associated with storage of such data. The plummeting cost of storage has resulted in massive data junkyards in all organisations. The risks of leakage of old and archived data sets are much higher today due to the advent of the DPDPA. Prospectively, all entities will not only have to abide by the prescribed timelines but also craft exhaustive data retention policy for their organisation\/office. Jumping the signal here could lead to the entity being fined up to 5.2 million EUR15<\/sup><\/a> in Indian jurisdiction. In foreign jurisdictions such as the GDPR, the implementation of storage limitation is approached with seriousness and rigour, for example, the Finnish Data Protection Authority (DPA) fined16<\/sup><\/a> EUR 0.8 million to an online retailer after investigations revealed that it had not specified storage period of the data collected for the customer account of its online shop, and was storing such data for indefinite periods in its systems.<\/p>\n

Conclusion<\/h2>\n

Data erasure is a legal right17<\/sup><\/a> provided to the data principals and so its casts a duty towards all data fiduciaries.18<\/sup><\/a> Data erasure can be achieved by data deletion, anonymisation or destruction. Deletion should not be confused with merely hiding data or putting the same in the trash bin. Data deletion effectively includes a proof of deletion. Globally, presence of standards such as National Institutes of Standards and Technology (NIST)19<\/sup><\/a> SP 800-88 or the Department of Defence (DoD)20<\/sup><\/a> 5220.22-M or ever evolving practices such as cryptographic shredding, auto deletion triggers bring to light the importance attached to letting go of data. Around the world, letting go of excess data has become a process owing to operational needs and privacy laws, in India also, entities will have to imbibe the idea of letting of excess data for smooth data governance.<\/p>\n<\/div>\n

\n

*Manager, K&S Digiprotect Services Private Limited. Author can be reached at: chandrasekhar@knsdigiprotect.com<\/a><\/span><\/strong><\/p>\n

**CEO, K&S Digiprotect Services Private Limited. Author can be reached at: aman@knsdigiprotect.com<\/a>.<\/span><\/strong><\/p>\n

1.<\/a> As reported by the International Data Corporation, the relevant information is Andy Patrizio, \u201cIDC: Expect 175 Zettabytes of Data Worldwide by 2025\u201d (networkworld.com).<\/p>\n

2.<\/a> The relevant statement can be accessed in this article, Andy Patrizio, \u201cIDC: Expect 175 Zettabytes of Data Worldwide by 2025\u201d (networkworld.com).<\/p>\n

3.<\/a> Minimum Wages Act, 1948, S. 18<\/a>, requires employer to maintain a record in a register of employee details, work hours and work performed, wages paid, etc. As such no maximum period of retention is applicable.<\/p>\n

4.<\/a> As per, Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, R. 3(1)(b)(g)<\/a>, all social media intermediaries are required to retain all information regarding a user registration account post deletion, for a period of 180 days.<\/p>\n

5.<\/a> New Drugs and Clinical Trials Rules, 2019.<\/a><\/p>\n

6.<\/a> Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2002<\/a> made under Indian Medical Council Act, 1956<\/a> which is now National Medical Commission Act, 2019<\/a>.<\/p>\n

7.<\/a> Digital Personal Data Protection Act, 2023.<\/a><\/p>\n

8.<\/a> Digital Personal Data Protection Act, 2023, S. 2(j)<\/a> defined as:<\/p>\n

2. Definitions.\u2014<\/span> (j<\/span>) \u201cdata principal\u201d means the individual to whom the personal data relates and where such individual is\u2014<\/p>\n

(i<\/span>) a child, includes the parents or lawful guardian of such a child; and<\/p>\n

(ii<\/span>) a person with disability, includes her lawful guardian, acting on her behalf.<\/p>\n

9.<\/a> Digital Personal Data Protection Act, 2023, S. 2(x)<\/a> defined as:<\/p>\n

2. Definitions.\u2014<\/span> (x<\/span>) \u201cprocessing\u201d in relation to personal data, means a wholly or partly automated operation or set of operations performed on digital personal data, and includes operations such as collection, recording, organisation, structuring, storage, adaptation, retrieval, use, alignment or combination, indexing, sharing, disclosure by transmission, dissemination or otherwise making available, restriction, erasure or destruction.<\/p>\n

10.<\/a> General Data Protection Regulations, 2016 (EU).<\/p>\n

11.<\/a> Health Insurance Portability and Accountability Act, 1996 (US).<\/p>\n

12.<\/a> The principle of storage limitation requires entities to limit storage of personal data to the extent, the purpose of storing such data is present. Once the purpose of storing such data is completed, such personal data can be erased or anonymised subject to applicable law. More information on this principle is Data Protection Principles, A Guide to the Data Protection Principles, \u201cPrinciple (e): Storage Limitation\u201d, UK Information Commissioners Office (ico.org.uk).<\/p>\n

13.<\/a> The principle of data minimisation requires entities to collect minimum amounts of personal data which is required to deliver a service to an individual element. More information on this principle is UK GDPR Guidance and Resources, Children’s Information, Children’s Code Guidance and Resources, Age-Appropriate Design: A Code of Practice for Online Services, \u201c8. Data Minimisation\u201d, UK Information Commissioners Office (ico.org.uk).<\/p>\n

14.<\/a> Digital Personal Data Protection Act, 2023, S. 2(i)<\/a> defined as:<\/p>\n

2. Definitions.\u2014<\/span>(i<\/span>) \u201cdata fiduciary\u201d means any person who alone or in conjunction with other persons determines the purpose and means of processing of personal data.<\/p>\n

15.<\/a> Digital Personal Data Protection Act, 2023, Schedule, Provision 7<\/a> any general breach of provisions of the Digital Personal Data Protection Act, 2023 can attract a fine of up to Rs 50 crores or around EUR 5.2 million.<\/p>\n

16.<\/a> The news report containing information of the Finnish DPA fined online retailer Verkkokauppa.com is \u201cFinnish SA: Administrative Fine of \u00e2\u201a\u00ac 856,000 for Failing to Define Storage Period of Customer Data\u201d (edpb.europa.eu, 8-5-2024).<\/p>\n

17.<\/a> Digital Personal Data Protection Act, 2023, S. 8(7)<\/a> prescribe data erasure duty for the data fiduciaries:<\/p>\n

8. General obligations of data fiduciary.\u2014<\/span> (7) A data fiduciary shall, unless retention is necessary for compliance with any law for the time being in force\u2014<\/p>\n

(a<\/span>) erase personal data, upon the data principal withdrawing her consent or as soon as it is reasonable to assume that the specified purpose is no longer being served, whichever is earlier; and<\/p>\n

(b<\/span>) cause its data processor to erase any personal data that was made available by the data fiduciary for processing to such data processor.<\/p>\n

18.<\/a> Data fiduciaries are entities such as companies, individuals, associations, government departments, etc. which decide the means and purposes of data processing. They usually also collect personal data themselves.<\/p>\n

19.<\/a> NIST stands for National Institutes of Standards and Technology. It is a non-regulatory agency in the United States Department of Commerce. NIST develops and maintains standards for industries, including cybersecurity, engineering and physical science.<\/p>\n

20.<\/a> This standard is provided by the Department of Defence of the US Government.<\/p>\n","protected":false},"excerpt":{"rendered":"

by S. Chandrasekhar* and Aman Varma**<\/p>\n","protected":false},"author":67011,"featured_media":351643,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[42503,1191],"tags":[84249,64751,84251,84250,32909],"class_list":["post-351642","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-legal-analysis","category-op-ed","tag-data-deletion","tag-digital-personal-data-protection-act","tag-international-data-corporation","tag-key-compliance","tag-minimum-wages-act"],"yoast_head":"\nData Deletion — A Key Compliance under the Digital Personal Data Protection Act, 2023 | SCC Times<\/title>\n<meta name=\"description\" content=\"The phrase \u201cdata is the new oil\u201d has created a misconception that all pieces of data have value and so it should be stored\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.scconline.com\/blog\/post\/2025\/06\/27\/data-deletion-a-key-compliance-under-the-digital-personal-data-protection-act-2023\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Data Deletion \u2014 A Key Compliance under the Digital Personal Data Protection Act, 2023\" \/>\n<meta property=\"og:description\" content=\"The phrase \u201cdata is the new oil\u201d has created a misconception that all pieces of data have value and so it should be stored\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.scconline.com\/blog\/post\/2025\/06\/27\/data-deletion-a-key-compliance-under-the-digital-personal-data-protection-act-2023\/\" \/>\n<meta property=\"og:site_name\" content=\"SCC Times\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/scc.online\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-06-27T03:30:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/06\/Digital-Personal-Data-Protection-Act.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"886\" \/>\n\t<meta property=\"og:image:height\" content=\"590\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Editor\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Data Deletion — A Key Compliance under the Digital Personal Data Protection Act, 2023\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Editor\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.scconline.com\/blog\/post\/2025\/06\/27\/data-deletion-a-key-compliance-under-the-digital-personal-data-protection-act-2023\/\",\"url\":\"https:\/\/www.scconline.com\/blog\/post\/2025\/06\/27\/data-deletion-a-key-compliance-under-the-digital-personal-data-protection-act-2023\/\",\"name\":\"Data Deletion — A Key Compliance under the Digital Personal Data Protection Act, 2023 | SCC Times\",\"isPartOf\":{\"@id\":\"https:\/\/www.scconline.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.scconline.com\/blog\/post\/2025\/06\/27\/data-deletion-a-key-compliance-under-the-digital-personal-data-protection-act-2023\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.scconline.com\/blog\/post\/2025\/06\/27\/data-deletion-a-key-compliance-under-the-digital-personal-data-protection-act-2023\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/06\/Digital-Personal-Data-Protection-Act.webp\",\"datePublished\":\"2025-06-27T03:30:54+00:00\",\"author\":{\"@id\":\"https:\/\/www.scconline.com\/blog\/#\/schema\/person\/84e42bab48238baf12c7e33b3d9761fe\"},\"description\":\"The phrase \u201cdata is the new oil\u201d has created a misconception that all pieces of data have value and so it should be stored\",\"breadcrumb\":{\"@id\":\"https:\/\/www.scconline.com\/blog\/post\/2025\/06\/27\/data-deletion-a-key-compliance-under-the-digital-personal-data-protection-act-2023\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.scconline.com\/blog\/post\/2025\/06\/27\/data-deletion-a-key-compliance-under-the-digital-personal-data-protection-act-2023\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.scconline.com\/blog\/post\/2025\/06\/27\/data-deletion-a-key-compliance-under-the-digital-personal-data-protection-act-2023\/#primaryimage\",\"url\":\"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/06\/Digital-Personal-Data-Protection-Act.webp\",\"contentUrl\":\"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/06\/Digital-Personal-Data-Protection-Act.webp\",\"width\":886,\"height\":590,\"caption\":\"Digital Personal Data Protection Act\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.scconline.com\/blog\/post\/2025\/06\/27\/data-deletion-a-key-compliance-under-the-digital-personal-data-protection-act-2023\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.scconline.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Data Deletion — A Key Compliance under the Digital Personal Data Protection Act, 2023\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.scconline.com\/blog\/#website\",\"url\":\"https:\/\/www.scconline.com\/blog\/\",\"name\":\"SCC Times\",\"description\":\"Bringing you the Best Analytical Legal News\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.scconline.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.scconline.com\/blog\/#\/schema\/person\/84e42bab48238baf12c7e33b3d9761fe\",\"name\":\"Editor\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.scconline.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/34e366be721c41333586de05faa13743195f5b142dcd7a015c6fabd2389521d0?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/34e366be721c41333586de05faa13743195f5b142dcd7a015c6fabd2389521d0?s=96&d=mm&r=g\",\"caption\":\"Editor\"},\"url\":\"https:\/\/www.scconline.com\/blog\/post\/author\/editor_4\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Data Deletion — A Key Compliance under the Digital Personal Data Protection Act, 2023 | SCC Times","description":"The phrase \u201cdata is the new oil\u201d has created a misconception that all pieces of data have value and so it should be stored","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.scconline.com\/blog\/post\/2025\/06\/27\/data-deletion-a-key-compliance-under-the-digital-personal-data-protection-act-2023\/","og_locale":"en_US","og_type":"article","og_title":"Data Deletion \u2014 A Key Compliance under the Digital Personal Data Protection Act, 2023","og_description":"The phrase \u201cdata is the new oil\u201d has created a misconception that all pieces of data have value and so it should be stored","og_url":"https:\/\/www.scconline.com\/blog\/post\/2025\/06\/27\/data-deletion-a-key-compliance-under-the-digital-personal-data-protection-act-2023\/","og_site_name":"SCC Times","article_publisher":"https:\/\/www.facebook.com\/scc.online\/","article_published_time":"2025-06-27T03:30:54+00:00","og_image":[{"width":886,"height":590,"url":"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/06\/Digital-Personal-Data-Protection-Act.jpg","type":"image\/jpeg"}],"author":"Editor","twitter_card":"summary_large_image","twitter_title":"Data Deletion — A Key Compliance under the Digital Personal Data Protection Act, 2023","twitter_misc":{"Written by":"Editor","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.scconline.com\/blog\/post\/2025\/06\/27\/data-deletion-a-key-compliance-under-the-digital-personal-data-protection-act-2023\/","url":"https:\/\/www.scconline.com\/blog\/post\/2025\/06\/27\/data-deletion-a-key-compliance-under-the-digital-personal-data-protection-act-2023\/","name":"Data Deletion — A Key Compliance under the Digital Personal Data Protection Act, 2023 | SCC Times","isPartOf":{"@id":"https:\/\/www.scconline.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.scconline.com\/blog\/post\/2025\/06\/27\/data-deletion-a-key-compliance-under-the-digital-personal-data-protection-act-2023\/#primaryimage"},"image":{"@id":"https:\/\/www.scconline.com\/blog\/post\/2025\/06\/27\/data-deletion-a-key-compliance-under-the-digital-personal-data-protection-act-2023\/#primaryimage"},"thumbnailUrl":"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/06\/Digital-Personal-Data-Protection-Act.webp","datePublished":"2025-06-27T03:30:54+00:00","author":{"@id":"https:\/\/www.scconline.com\/blog\/#\/schema\/person\/84e42bab48238baf12c7e33b3d9761fe"},"description":"The phrase \u201cdata is the new oil\u201d has created a misconception that all pieces of data have value and so it should be stored","breadcrumb":{"@id":"https:\/\/www.scconline.com\/blog\/post\/2025\/06\/27\/data-deletion-a-key-compliance-under-the-digital-personal-data-protection-act-2023\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.scconline.com\/blog\/post\/2025\/06\/27\/data-deletion-a-key-compliance-under-the-digital-personal-data-protection-act-2023\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.scconline.com\/blog\/post\/2025\/06\/27\/data-deletion-a-key-compliance-under-the-digital-personal-data-protection-act-2023\/#primaryimage","url":"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/06\/Digital-Personal-Data-Protection-Act.webp","contentUrl":"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/06\/Digital-Personal-Data-Protection-Act.webp","width":886,"height":590,"caption":"Digital Personal Data Protection Act"},{"@type":"BreadcrumbList","@id":"https:\/\/www.scconline.com\/blog\/post\/2025\/06\/27\/data-deletion-a-key-compliance-under-the-digital-personal-data-protection-act-2023\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.scconline.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Data Deletion — A Key Compliance under the Digital Personal Data Protection Act, 2023"}]},{"@type":"WebSite","@id":"https:\/\/www.scconline.com\/blog\/#website","url":"https:\/\/www.scconline.com\/blog\/","name":"SCC Times","description":"Bringing you the Best Analytical Legal News","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.scconline.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.scconline.com\/blog\/#\/schema\/person\/84e42bab48238baf12c7e33b3d9761fe","name":"Editor","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.scconline.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/34e366be721c41333586de05faa13743195f5b142dcd7a015c6fabd2389521d0?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/34e366be721c41333586de05faa13743195f5b142dcd7a015c6fabd2389521d0?s=96&d=mm&r=g","caption":"Editor"},"url":"https:\/\/www.scconline.com\/blog\/post\/author\/editor_4\/"}]}},"jetpack_featured_media_url":"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/06\/Digital-Personal-Data-Protection-Act.webp","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":371058,"url":"https:\/\/www.scconline.com\/blog\/post\/2025\/12\/26\/digital-personal-data-protection-rules-2025-key-highlights\/","url_meta":{"origin":351642,"position":0},"title":"Digital Personal Data Protection (DPDP) Rules, 2025: Key Highlights of the Newly Notified Framework","author":"Editor","date":"December 26, 2025","format":false,"excerpt":"Ashish Deep Verma*","rel":"","context":"In "Op Eds"","block_context":{"text":"Op Eds","link":"https:\/\/www.scconline.com\/blog\/post\/category\/op-ed\/legal-analysis\/"},"img":{"alt_text":"Digital Personal Data Protection Rules 2025","src":"https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/12\/Digital-Personal-Data-Protection-Rules-2025.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/12\/Digital-Personal-Data-Protection-Rules-2025.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/12\/Digital-Personal-Data-Protection-Rules-2025.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/12\/Digital-Personal-Data-Protection-Rules-2025.webp?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":299820,"url":"https:\/\/www.scconline.com\/blog\/post\/2023\/08\/22\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\/","url_meta":{"origin":351642,"position":1},"title":"India’s Digital Personal Data Protection Act, 2023 \u2014 Impact on Hospitality Sector","author":"Bhumika Indulia","date":"August 22, 2023","format":false,"excerpt":"by Supratim Chakraborty\u2020 and Himeli Chatterjee\u2020\u2020 Cite as: 2023 SCC OnLine Blog Exp 68","rel":"","context":"In "Experts Corner"","block_context":{"text":"Experts Corner","link":"https:\/\/www.scconline.com\/blog\/post\/category\/experts_corner\/"},"img":{"alt_text":"india digital personal data protection act 2023","src":"https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2023\/08\/india-digital-personal-data-protection-act-2023.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2023\/08\/india-digital-personal-data-protection-act-2023.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2023\/08\/india-digital-personal-data-protection-act-2023.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2023\/08\/india-digital-personal-data-protection-act-2023.webp?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":282107,"url":"https:\/\/www.scconline.com\/blog\/post\/2023\/01\/21\/the-digital-personal-data-protection-bill-2022\/","url_meta":{"origin":351642,"position":2},"title":"The Digital Personal Data Protection Bill, 2022","author":"Bhumika Indulia","date":"January 21, 2023","format":false,"excerpt":"by Shiv Mehrotra\u2020","rel":"","context":"In "Op Eds"","block_context":{"text":"Op Eds","link":"https:\/\/www.scconline.com\/blog\/post\/category\/op-ed\/legal-analysis\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2023\/01\/MicrosoftTeams-image-149.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":299221,"url":"https:\/\/www.scconline.com\/blog\/post\/2023\/08\/12\/digital-personal-data-protection-bill-2023-receives-presidents-assent\/","url_meta":{"origin":351642,"position":3},"title":"Digital Personal Data Protection Bill, 2023 receives President’s assent","author":"Bhumika Indulia","date":"August 12, 2023","format":false,"excerpt":"The object of the Act is to provide for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes and for matters connected therewith or incidental thereto.","rel":"","context":"In "Legislation Updates"","block_context":{"text":"Legislation Updates","link":"https:\/\/www.scconline.com\/blog\/post\/category\/legislationupdates\/"},"img":{"alt_text":"digital personal data protection act 2023","src":"https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2023\/08\/digital-personal-data-protection-act-2023.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2023\/08\/digital-personal-data-protection-act-2023.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2023\/08\/digital-personal-data-protection-act-2023.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2023\/08\/digital-personal-data-protection-act-2023.webp?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":340157,"url":"https:\/\/www.scconline.com\/blog\/post\/2025\/01\/31\/significant-actions-that-websites-must-take-to-be-compliant-with-indias-digital-personal-data-protection-act-2023\/","url_meta":{"origin":351642,"position":4},"title":"Significant Actions that Websites must Take to be Compliant with India’s Digital Personal Data Protection Act, 2023","author":"Bhumika Indulia","date":"January 31, 2025","format":false,"excerpt":"by Rishiraj Saha*","rel":"","context":"In "Op Eds"","block_context":{"text":"Op Eds","link":"https:\/\/www.scconline.com\/blog\/post\/category\/op-ed\/legal-analysis\/"},"img":{"alt_text":"India's Digital Personal Data Protection","src":"https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/01\/Indias-Digital-Personal-Data-Protection.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/01\/Indias-Digital-Personal-Data-Protection.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/01\/Indias-Digital-Personal-Data-Protection.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/01\/Indias-Digital-Personal-Data-Protection.webp?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":241472,"url":"https:\/\/www.scconline.com\/blog\/post\/2021\/01\/04\/data-protection-all-you-need-to-know-about-gdpr-implementation-in-eu-countries\/","url_meta":{"origin":351642,"position":5},"title":"Data Protection: All you need to know about GDPR implementation in EU countries","author":"Editor","date":"January 4, 2021","format":false,"excerpt":"by Bhumika Indulia\u2020","rel":"","context":"In "Law made Easy"","block_context":{"text":"Law made Easy","link":"https:\/\/www.scconline.com\/blog\/post\/category\/law-made-easy\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2020\/12\/Austria.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]}],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/posts\/351642","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/users\/67011"}],"replies":[{"embeddable":true,"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/comments?post=351642"}],"version-history":[{"count":0,"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/posts\/351642\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/media\/351643"}],"wp:attachment":[{"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/media?parent=351642"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/categories?post=351642"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/tags?post=351642"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}