Decrypting India's New Data Protection Law: Key Insights and Lessons Learned (Part I)

Summary

This article reviews India's new Digital Personal Data Protection Act. In this first part of their article, the authors examine, among other things, the material scope of the law, its extraterritoriality, and covered organizations as well as covered data and processing obligations and data protection principles and lawful processing. In the conclusion of this article, to be published in the next issue of Pratt's Privacy & Cybersecurity Law Report, the authors will explore heightened processing situations under the law (in particular, children's privacy, significant data fiduciaries, and no special category data); data subject rights and duties; transparency, accountability, and security measures; cross-border data transfers; and enforcement and liability.