π Data Protection Laws in India and GDPR β A Comparative View
π§Ύ 1. Overview
Aspect
India
European Union (EU)
Law
Digital Personal Data Protection Act, 2023 (DPDPA)
General Data Protection Regulation, 2016 (GDPR)
Came into Force
Enacted in 2023 (yet to be fully operational in practice)
May 25, 2018
Regulates
Processing of personal data by government and private entities
Personal data processing within the EU & by foreign entities
π 2. Key Definitions
Concept
India β DPDPA
EU β GDPR
Personal Data
Any data about an individual that is identifiable
Any information related to an identified/identifiable person
Sensitive Data
Not separately defined under DPDPA
Includes race, health, political views, sexual orientation, etc.
Data Principal / Subject
The individual whose data is processed
The person to whom personal data belongs
Data Fiduciary / Controller
Entity that determines purpose of data processing
Entity that controls how and why data is processed
βοΈ 3. Consent Mechanism
India β DPDPA
EU β GDPR
Consent must be free, informed, specific, clear
Consent must be freely given, specific, informed, unambiguous
Consent managers may assist in managing permissions
Data subject must be able to withdraw consent easily
π‘οΈ 4. Data Protection Principles
Principles
India (DPDPA)
EU (GDPR)
Lawful and fair processing
β
β
Purpose limitation
β
β
Data minimization
β
β
Storage limitation
Implied
Explicit
Accuracy
Implied
Explicit
Accountability
Through compliance requirements
Explicit accountability and documentation duties
π 5. Rights of Individuals
Rights
India β DPDPA
EU β GDPR
Right to access
β
β
Right to correction
β
β
Right to erasure
β (limited)
β (Right to be forgotten)
Right to data portability
β Not yet included
β
Right to object to processing
β Not explicitly provided
β
ποΈ 6. Enforcement & Penalties
Aspect
India β DPDPA
EU β GDPR
Regulatory Authority
Data Protection Board of India
Data Protection Authorities (DPAs) in each EU country
Penalties
Up to βΉ250 crore (approx. β¬27 million)
Up to β¬20 million or 4% of global annual turnover
Complaint Mechanism
Data principal can file complaint
Data subject can lodge complaint with national DPA
π 7. Applicability Beyond Borders
India β DPDPA
EU β GDPR
Applies to processing outside India if offering goods/services in India
Applies extraterritorially to entities outside the EU that process EU residents' data
βοΈ 8. Limitations / Exemptions
India β DPDPA
EU β GDPR
Broad exemptions for government agencies for βpublic interestβ
Narrower exemptions for national security, public order
No separate law for sensitive data categories
Sensitive personal data is more strictly protected
π Conclusion
Point
India
EU
Still developing
Law enacted recently, yet to be fully implemented
GDPR is fully operational, mature legal framework
Comprehensiveness
Covers key principles but misses some rights
Highly comprehensive, detailed regulation
Regulatory Framework
Single national authority
Decentralized DPAs across EU member states
Enforcement
Financial penalties focused
Strong penalties + active enforcement
Would you like a PDF version, a presentation slide format, or a case study comparison (like WhatsApp or Facebook under GDPR vs India)?Here's a structured comparative view of Data Protection Laws in India and the EUβs General Data Protection Regulation (GDPR):
π Data Protection Laws in India and GDPR β A Comparative View
π§Ύ 1. Overview
Aspect
India
European Union (EU)
Law
Digital Personal Data Protection Act, 2023 (DPDPA)
General Data Protection Regulation, 2016 (GDPR)
Came into Force
Enacted in 2023 (yet to be fully operational in practice)
May 25, 2018
Regulates
Processing of personal data by government and private entities
Personal data processing within the EU & by foreign entities
π 2. Key Definitions
Concept
India β DPDPA
EU β GDPR
Personal Data
Any data about an individual that is identifiable
Any information related to an identified/identifiable person
Sensitive Data
Not separately defined under DPDPA
Includes race, health, political views, sexual orientation, etc.
Data Principal / Subject
The individual whose data is processed
The person to whom personal data belongs
Data Fiduciary / Controller
Entity that determines purpose of data processing
Entity that controls how and why data is processed
βοΈ 3. Consent Mechanism
India β DPDPA
EU β GDPR
Consent must be free, informed, specific, clear
Consent must be freely given, specific, informed, unambiguous
Consent managers may assist in managing permissions
Data subject must be able to withdraw consent easily
π‘οΈ 4. Data Protection Principles
Principles
India (DPDPA)
EU (GDPR)
Lawful and fair processing
β
β
Purpose limitation
β
β
Data minimization
β
β
Storage limitation
Implied
Explicit
Accuracy
Implied
Explicit
Accountability
Through compliance requirements
Explicit accountability and documentation duties
π 5. Rights of Individuals
Rights
India β DPDPA
EU β GDPR
Right to access
β
β
Right to correction
β
β
Right to erasure
β (limited)
β (Right to be forgotten)
Right to data portability
β Not yet included
β
Right to object to processing
β Not explicitly provided
β
ποΈ 6. Enforcement & Penalties
Aspect
India β DPDPA
EU β GDPR
Regulatory Authority
Data Protection Board of India
Data Protection Authorities (DPAs) in each EU country
Penalties
Up to βΉ250 crore (approx. β¬27 million)
Up to β¬20 million or 4% of global annual turnover
Complaint Mechanism
Data principal can file complaint
Data subject can lodge complaint with national DPA
π 7. Applicability Beyond Borders
India β DPDPA
EU β GDPR
Applies to processing outside India if offering goods/services in India
Applies extraterritorially to entities outside the EU that process EU residents' data
βοΈ 8. Limitations / Exemptions
India β DPDPA
EU β GDPR
Broad exemptions for government agencies for βpublic interestβ
Narrower exemptions for national security, public order
No separate law for sensitive data categories
Sensitive personal data is more strictly protected
π Conclusion
Point
India
EU
Still developing
Law enacted recently, yet to be fully implemented
GDPR is fully operational, mature legal framework
Comprehensiveness
Covers key principles but misses some rights
Highly comprehensive, detailed regulation
Regulatory Framework
Single national authority
Decentralized DPAs across EU member states
Enforcement
Financial penalties focused
Strong penalties + active enforcement
Do write to us if you need any further assistance.
0 comments