← GlossaryRoles
Data Fiduciary
An entity that alone or with others determines the purpose and means of processing personal data under the DPDPA.
A Data Fiduciary is the organisation that decides why and how personal data is processed — analogous to a "controller" under other regimes. Data Fiduciaries carry the primary obligations under the DPDPA: notice, consent, security, rights-fulfilment and breach reporting. Larger or higher-risk entities may be designated Significant Data Fiduciaries with extra duties such as appointing a Data Protection Officer and conducting impact assessments.