June 24, 2025
Labour Law

Navigating the Digital Personal Data Protection Act, 2023: An Overview for Indian Employers

June 1, 2025
FacebookXPinterestLinkedIn
Indian employers at present to continue to comply with the SPDI regime while preparing for a transition to the DPDP framework. By implementing clear internal policies, ensuring lawful processing, enabling employee rights, and building strong governance systems, employers can foster a culture of accountability and minimize legal risk in the digital age.

The Digital Personal Data Protection Act, 2023 (“DPDP Act”) introduces a comprehensive legal framework for managing digital personal data in India. For employers, the Act imposes significant obligations regarding the collection, processing, and safeguarding of employee data. These new provisions complement and, to an extent, overlap with existing requirements under the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (commonly referred to as the “SPDI Rules”).

Key Employer Obligations Under the DPDP Act

1. Data Fiduciary Responsibilities

Employers are classified as “Data Fiduciaries” because they determine the purpose and means of processing employee data. Accordingly, they must adhere to several core requirements:

Lawful Processing

Personal data must be processed only for lawful purposes. In an employment context, this includes functions such...

To Read The Full Story, Subscribe To Business Manager

Subscribe Now
Already a Subscriber Sign in now

Alok Bhasin

is Advocate, Bhasin & Bhasin Associates, Noida

View all posts

Author

Alok Bhasin

is Advocate, Bhasin & Bhasin Associates, Noida

View all posts

June 2025

Culture in Action - June 2025

Book Shop

Submit Your Article

Would you like to share your views? submit your Aricle by clicking on the button below. Submit your Article
error: Content is protected !!