DPDPA & data-protection terms

A free, specific, informed, unambiguous and withdrawable agreement to process personal data for stated purposes.

The automated process of finding and classifying personal data across an organisation's systems.

An entity that alone or with others determines the purpose and means of processing personal data under the DPDPA.

The individual to whom personal data relates under the DPDPA.

The individual designated to oversee data protection and act as a point of contact, required of Significant Data Fiduciaries.

India's Digital Personal Data Protection Act — the law governing how organisations process the personal data of individuals in India.

A Data Protection Impact Assessment — a structured assessment of privacy risks in a processing activity.

A Data Subject Access Request — a Data Principal's request to access, correct or erase their personal data.

Any data about an individual who is identifiable by or in relation to such data.

Records of Processing Activities — the inventory of how an organisation processes personal data.