pushpeshpaliwals@gmail.com

French Data Protection Fine for failure to take adequate security measures

French Data Protection Fine for failure to take adequate security measures Global Data Protection French Data Protection Fine for failure to take adequate security measures CNIL fined FRANCE TRAVAIL, a national public administration institute. Hackers had managed to access France Travail’s information systems using a social engineering attack. CNIL concluded that the technical and organisational […]

French Data Protection Fine for failure to take adequate security measures Read More »

GDPR – PROCESSOR

Data Protection

Who is a processor? Briefing Document 2026

GDPR – PROCESSOR Read More »

India AI Governance Guidelines

AI Law

India AI Governance Guidelines Summary MeitY Regulatory Summary India AI Governance Guidelines MeitY has released the India AI Governance Guidelines under the IndiaAI Mission with ‘Do No Harm’ as the core principle for the AI Governance framework(here). Applicability: The guidelines propose a governance framework applicable to all stakeholders in the AI ecosystem. Four Key Components:

India AI Governance Guidelines Read More »

Data fiduciary obligations

Data Protection

The Digital Personal Data Protection Act, 2023 (“DPDPA”) imposes certain obligations on the Data Fiduciary (i.e. entity processing the personal data). These obligations provide a framework, setting out the basic requirements for an entity to process personal data. The Act sets out the following requirements: Each of these aspects require further elaboration to ensure effective

Data fiduciary obligations Read More »

Data Deletion obligations under the DPDPA

Data Protection / Leave a Comment

The Digital Personal Data Protection Act, 2023 (“DPDPA”) mandates deletion of personal information that is either no longer required or fits the criteria for deletion. One global exception for the data deletion obligation is when the data is required for compliance with any law. When to delete data – the easy way Data deletion is

Data Deletion obligations under the DPDPA Read More »

Quality of Consent under DPDPA

Data Protection

The Digital Personal Data Protection Act, 2023 (“DPDPA”) contemplates that consent be obtained for processing personal data of the Data Principal (“user”) but that the consent should be of a certain quality. The quality of the consent is determined by the following elements: Each of these requirements is to be satisfied for a consent to

Quality of Consent under DPDPA Read More »

Personal Data – User’s Right to Access Information

Data Protection

Personal Data – User’s Right to Access Information The Data Principal (i.e. the user) has a right to access information about their personal data processed by a company or a firm (i.e. the Data Fiduciary). To provide this information, the company has to build channels that allow such information to be processed. This information is

Personal Data – User’s Right to Access Information Read More »

Grievance redressal under the DPDPA

Data Protection

Grievance Redressal under the DPDPA Grievance redressal is a core compliance that every Data Fiduciary must address. Grievance redressal is a right of the Data Principal (i.e. the user) under the DPDPA. The legislative intent to categorise grievance redressal as a right is firmly rooted in iterations of the previous bills. Though the Act does

Grievance redressal under the DPDPA Read More »