Feb 16 / Punit Bhatia

Key Definitions in Digital Personal Data Protection (DPDP) Bill 2023

In the FIT4Privacy podcast, Punit Bhatia delves into the intricacies of India's Digital Personal Data Protection Bill 2023, unraveling its key definitions and implications. Let's unravel the terminology and concepts outlined in this significant legislation.

Key Definitions in Digital Personal Data Protection Bill (DPDP) 2023 of India

With a focus on bolstering privacy practices in India, the Digital Personal Data Protection Bill 2023 introduces 12 pivotal definitions essential for regulatory adherence and cultivating a robust privacy culture across organizations.

  1. Data Principal: Corresponding to the EU GDPR's "data subject," the data principal refers to an individual whose personal data is processed. This includes children under the age of 18, along with their lawful guardians.

  2. Child: Unlike the EU GDPR's flexible age range (13-16), India's bill defines a child as anyone below 18 years old, emphasizing heightened protection for minors.

  3. Data Fiduciary: Analogous to the GDPR's "data controller," a data fiduciary is a company determining the purpose and means of processing personal data. Notably, the term "person" replaces "entity," encompassing individuals, companies, or associations.

  4. Data Processor: Consistent with the GDPR, a data processor handles personal data on behalf of a data fiduciary, maintaining continuity in terminology and responsibilities.

  5. Person: Expanded to include individuals, companies, Hindu undivided families, or any legal entity, the term "person" broadens the scope of entities governed by the bill.

  6. Data Protection Officer (DPO): A key departure from the GDPR, not all data fiduciaries must appoint a DPO. Only significant data fiduciaries, as designated by the government, are mandated to do so, reflecting a nuanced approach to regulatory compliance.

  7. Personal Data: Aligned with the GDPR, personal data encompasses any information identifying an individual, simplifying the regulatory framework by omitting special categories.

  8. Personal Data Breach: Mirroring GDPR guidelines, a personal data breach encompasses any unauthorized processing or disclosure compromising data confidentiality, integrity, or availability.

  9. Processing: Defined broadly as any operation performed on personal data, processing encompasses a myriad of activities, ensuring comprehensive coverage under the legislation.

  10. Public Interest: Introduced as a pivotal concept, public interest exemptions safeguard national security, public order, and diplomatic relations, offering a nuanced balance between privacy and state interests.

  11. Consent Manager: A novel term absent in the GDPR, a consent manager acts as an intermediary enabling individuals or data fiduciaries to manage consent transparently and efficiently, reflecting evolving privacy practices.

  12. Digital Office: Reflecting India's digital-centric approach, a digital office facilitates online proceedings, underscoring the bill's emphasis on digital governance and privacy management.


Navigating the landscape of India's Digital Personal Data Protection Bill 2023 necessitates a nuanced understanding of its key definitions and implications. By unpacking these terms, stakeholders can proactively address privacy challenges, foster compliance, and uphold data protection standards in the digital realm.


About Punit Bhatia

Punit Bhatia is one of the leading privacy experts who works independently and has worked with professionals in over 30 countries. Punit works with business and privacy leaders to create an organizational culture with high AI & privacy awareness and compliance as a business priority by creating and implementing an AI & privacy strategy and policy.

Punit is the author of the books “Be Ready for GDPR”, which was rated as the best GDPR Book, “AI & Privacy – How to Find Balance”, “Intro To GDPR”, and “Be an Effective DPO”. Punit is a global speaker who has spoken at over 50 global events. Punit is the creator and host of the FIT4PRIVACY Podcast. This podcast has been featured amongst top GDPR and privacy podcasts.

As a person, Punit is an avid thinker and believes in thinking, believing, and acting in line with one’s values to have joy in life. He has developed the philosophy named ‘ABC for joy of life’, which he passionately shares. Punit is based out of Belgium, the heart of Europe.
