What Are The Penalties Under The DPDP Act, 2023?

The Digital Personal Data Protection Act, 2023 (DPDP Act) establishes a comprehensive framework for the protection of personal data in India. It outlines specific penalties for various breaches to ensure compliance and safeguard individuals' privacy. The Data Protection Board (DPB) is empowered to impose these penalties, considering factors such as the nature and gravity of the breach, the type of personal data affected, and the actions taken by the data fiduciary to mitigate the breach.

Penalties Under the DPDP Act, 2023

Offence | Maximum Penalty
Failure to take reasonable security safeguards to prevent data breaches | ₹250 Crores
Failure to notify the Board or affected data principal of a data breach | ₹200 Crores
Breach of obligations related to children's data | ₹200 Crores
Breach of obligations by significant data fiduciaries | ₹150 Crores
Breach of duties by data principals | ₹10,000
Breach of terms of voluntary undertaking accepted by the Board | Up to applicable breach penalty
Breach of any other provision of the Act or rules made thereunder | ₹50 Crores

Note: All penalties are credited to the Consolidated Fund of India.

Factors Considered in Determining Penalties

The Data Protection Board considers the following factors when determining the amount of monetary penalty:

  • Nature, gravity, and duration of the breach
  • Type and nature of the personal data affected
  • Repetitive nature of the breach
  • Gain or loss resulting from the breach
  • Mitigating actions taken and their effectiveness
  • Proportionality and effectiveness of the penalty in ensuring compliance
  • Likely impact of the penalty on the offender

Example

Scenario:
A significant data fiduciary fails to implement reasonable security safeguards, resulting in a data breach affecting a large number of individuals' personal data.

Steps:

  • Incident Occurrence: The data fiduciary's system is compromised due to inadequate security measures.
  • Notification: The fiduciary fails to notify the Data Protection Board or the affected individuals within the stipulated time frame.
  • Investigation: The Data Protection Board conducts an inquiry and determines the breach is significant.
  • Penalty Imposition: Considering the factors mentioned above, the Board imposes a penalty of ₹150 Crores on the data fiduciary.

This example illustrates the process and considerations involved in the imposition of penalties under the DPDP Act, 2023.

Answer By Law4u Team
