One of the requirements of DPDPA 2023 as a law of Digital Personal Data Compliance is that Personal Data shall be processed only for lawful purpose. Hence it is a compliance requirement that a Data Fiduciary shall adopt necessary measures to ensure that all their employees remember that “Making Profits” is only a goal secondary to “Being Lawful”.
In terms of compliance the Board should establish the norm through a resolution mandating DPDPA 2023 compliance that the organization shall take such measures as are required to be compliant with all laws of the land in their activities.
At the operational level, the compliance specification would require that all “Project Managers” who prepare new project proposals whether in Business, R&D, Finance etc., shall add an assurance that the “Project proposal is within legal boundaries of all applicable laws”.
For this purpose adherence to laws such as the ITA 2000 becomes mandatory for compliance of DPDPA 2023. If the new IPC (Bharatiya Nyaaya Sanhita 2023) or Telecom Act or the new Evidence Act (Bharatiya Nyaaya Adhiniyam) has any provisions applicable to Digital personal data, they shall also be complied with as part of DPDPA 2023 compliance.
Naavi