Sections 11-15

Data Principal Rights

The DPDP Act 2023 empowers individuals (Data Principals) with fundamental rights over their personal data. Organizations must implement mechanisms to honor these rights.

Fundamental Rights

Section 11

Right to Access Information

Data Principals have the right to obtain a summary of their personal data being processed and the processing activities.

Summary of personal data being processed

Identities of Data Fiduciaries and Data Processors

Information about any data sharing with third parties

Response within prescribed time period under Rule 14

Section 12

Right to Correction and Erasure

Data Principals can request correction of inaccurate or misleading data, completion of incomplete data, updating of data, and erasure of data.

Correction of inaccurate or misleading personal data

Completion of incomplete personal data

Updating of personal data

Erasure of personal data no longer necessary

Section 13

Right to Grievance Redressal

Data Principals have the right to readily available means of grievance redressal provided by the Data Fiduciary.

Accessible grievance redressal mechanism

Response within prescribed timeframe

Escalation to Data Protection Board if unresolved

Right to file complaint with the Board

Section 14

Right of Nomination

Data Principals can nominate another individual to exercise their rights in the event of their death or incapacity.

Nominate any individual to exercise rights

Applicable in case of death or incapacity

Nominee can access, correct, or erase data

Registration process as per prescribed rules

Section 15

Duties of Data Principal

While Data Principals have rights, they also have corresponding duties to ensure responsible exercise of these rights.

Comply with applicable laws while exercising rights

Not impersonate another person while providing personal data

Not suppress any material information while providing data

Not register false or frivolous grievances or complaints

Provide authentic and verifiable information when required

Need to Implement Data Principal Rights?

TCSA helps organizations build compliant mechanisms for honoring Data Principal rights.

Related Certifications

Strengthen Your Compliance Posture

Explore complementary certifications that work together to provide comprehensive security and compliance coverage.

Complementary

ISO 27701

International privacy standard. Demonstrates global privacy best practices beyond DPDP.

Learn More

Foundation

ISO 27001

Information security foundation. DPDP compliance is easier with strong ISMS in place.

Learn More