Explore the essentials of India's Digital Personal Data Protection Act (DPDPA) concerning cookie policies, compliance obligations, and penalties. Learn how businesses can align with these regulations and secure user data.
Although a cookie policy is not explicitly required by the DPDPA, having one is good practice and will simplify meeting your obligations. Cookies are a widespread method of processing the digital personal data of data subjects, and that data is protected under the new privacy regulation in India.
The DPDPA applies to two types of businesses:
- Those that process personal data within India; and
- Those that process personal data outside of India, but target Indian data principals by offering them goods or services from abroad.
When you ask for consent from users, you must inform them about how you handle personal information. At the moment of collection of data, you need to obtain consent. To obtain informed consent, you need to provide them with the required information.
That's where the privacy notice comes into play.
- What cookies are being used. If you could list the exact names of the cookies, that would be best for transparency.
- The processing purposes. Although in India you don't need granular consent for processing purposes, you still need to inform users about them. For most websites, the purposes include functionalities, preferences, analytics, and marketing.
Penalties by the Data Protection Board for non-compliance
The DPDPA prescribes the following penalties:
- INR 10,000 for violations by a data principal;
- Up to INR 50 crore for violations where no specific penalties are prescribed; and
- Up to INR 250 crore for security and data breach violations.
The Data Protection Board of India imposes penalties on data fiduciaries according to the data privacy law. This means that the data fiduciary should be extra cautious in negotiating contracts with data processors, as the data fiduciary must assume they will be held liable for any violation by the data processor.
That's where Secure Privacy can help. We can help you get compliant with the DPDPA cookie requirements in three steps:
- Scan the website with our scanner. It will show you what cookies are being used on your website and will help you separate essential from non-essential cookies.
- Use an India-DPDPA-compliant cookie banner on your website. You must obtain explicit user consent for non-essential cookies. We have a proper template that works with cookie scanner reports to ensure that your website is compliant.