Skip to main contentChat with us

Glossary · Privacy & Data Protection

Data Fiduciary

Under India's DPDP Act, the person or organisation that determines the purpose and means of processing personal data — the rough equivalent of a "controller" under GDPR. The Data Fiduciary carries the primary accountability for lawful processing and for honouring Data Principal rights.

This definition is part of TCSA’s plain-English compliance glossary, written and reviewed by the auditors who prepare organizations for these frameworks — 500+ audits delivered across India, USA, UK, Australia & UAE.

Go deeper: the full Data Fiduciary guide

The complete plain-English explainer behind this definition.

Related Privacy & Data Protection terms

BAA

A contract required under HIPAA between a covered entity and any vendor (a "business associate") that handles protected health information on its behalf. It binds the vendor to safeguard PHI and to report breaches, extending HIPAA obligations down the supply chain.

Consent Manager

Under India's DPDP Act, a registered intermediary that lets a Data Principal give, manage, review, and withdraw consent through a single, interoperable platform. It acts on the individual's behalf and is accountable to the Data Protection Board.

Data Principal

Under India's DPDP Act, the individual to whom the personal data relates — the equivalent of a "data subject" under GDPR. Data Principals have rights to access, correction, erasure, and grievance redressal.

DPDP Act

India's comprehensive data-protection law governing the processing of digital personal data, built around consent, purpose limitation, and accountability. It introduces the roles of Data Fiduciary and Data Principal and is enforced by the Data Protection Board of India.

DPIA

A structured assessment of how a planned processing activity could affect individuals' privacy, used to identify and mitigate risks before processing begins. It is mandatory under GDPR for high-risk processing and is expected of Significant Data Fiduciaries under the DPDP Act.

GDPR

The European Union's data-protection regulation governing how personal data of individuals in the EU and EEA is collected, processed, and transferred. It applies extraterritorially, so organisations outside Europe that offer goods or services to EU residents are also bound by it.

Browse all 54 glossary terms

Written By Expert Auditors

Surendra Pal Singh
Surendra Pal Singh
Chief Information Security Officer & Data Protection Officer
CISODPOCISAMCSEITILISO 27001 Lead AuditorISO 27701 Lead AuditorISO 42001 Lead Auditor
Saundhi Chauhan
Saundhi Chauhan
Lead Auditor
ISO 27001 Lead AuditorISO 27701 Lead Auditor
Last reviewed: July 2026Content verified by certified lead auditors

Get in touch

Book a free consultation or send us your requirements. We respond within 24 hours.

Quick Call

Pick a time slot

Send Requirements

Get a custom quote in 24 hours

We're Online

⚠️ Business inquiries only. Personal email addresses will be rejected.

24hr Response
Free Consultation
No Obligations