The New India Privacy Law & How It Applies to Data Erasure

A summary of data destruction requirements under the DPDP Act

India’s much awaited Digital Personal Data Protection Act (“DPDP Act”) became law August 11, 2023. Among other data management issues, the India privacy law lays out requirements for eliminating personal data.

While we expect future clarifications and amendments, here’s what we know now about the Act, data erasure—and how Blancco can help.

Applicability and scope

The Digital Personal Data Protection Act of 2023 imposes certain obligations about data protection overall, including data erasure and data minimization.

Who’s Affected

While applicable to India businesses, companies outside India are also affected if they process data related to offering goods or services to Data Principals within India.

What’s Affected

The act applies to digital data, including data digitized from a different format.

What’s Not Affected

Any personal data that is:

  1. Processed by an individual for any personal or domestic purpose.
  2. Made or caused to be made public by a) the Data Principal to whom such personal data relates or b) any other person obligated under Indian law to make such personal data publicly available.

When Erasure Applies

Companies in India must comply with obligations such as “Purpose limitation,” which is a duty to erase data once its purpose is met. There seems to be no room for secondary uses of personal data.

The Act also gives Data Principals the right to correct, complete, update, or erase their personal data. This obligates the Data Fiduciary to comply with that request.

India DPDP Act definitions

Board – Regulatory body responsible for the enforcement and effective implementation of the provisions of the Act.

Data Principal – The individual to whom the personal data relates and, where such individual is a child, includes the parents or lawful guardian of the child.

Significant Data Fiduciary – Data Fiduciary notified by the Central Government after considering factors such as the volume of personal data processed, risk to electoral democracy, security of State, and public order, among others.

Data Fiduciary – Any person who alone or in conjunction with other persons determines the purpose and means of processing of personal data.

Data Processor – Any person who processes personal data on behalf of a Data Fiduciary.

Comparing India DPDP Act data erasure mandates to those of the GDPR

There are some similarities between India’s privacy law and the landmark General Data Protection Regulation (GDPR). For example, as with the GDPR, the Rights to Access, Rectification, and Erasure are bestowed upon Data Principals. However, under the new Indian data protection law, data principals also have:

These are to protect Data Principals’ privacy and autonomy and prevent Data Fiduciary misuse or abuse of personal data.

Penalties for noncompliance

How Blancco can help

When personal data is no longer needed, or when Data Principals make data erasure requests, organizations governed by the DPDP must securely dispose of that data—whether on end-of-life assets or active networks. Blancco offers a suite of solutions to erase data across your entire range of data storage assets and ensure compliance with DPDP data destruction requirements.

Blancco Drive Eraser – Government Certified *

Erase servers, laptops, desktops, and drives (HDD, SSD, NVMe) with the industry’s most certified solution. Certified to erase to DoD 5220.22, NIST 800-88, and IEEE 2883 standards.

Blancco File Eraser

Erase files and folders from desktops, laptops, and servers manually or automatically.

Blancco LUN Eraser

Erase data in active storage environments while allowing your operating system to remain intact.

Blancco Eraser for Apple Devices

A focused solution for Apple products, including support for M1, M2, and T2 devices.

Blancco Removable Media Eraser

Erase USB drives, SD cards, CompactFlash cards, micro drives, and other flash memory devices.

Blancco Virtual Machine Eraser

Automatically destroy no-longer-needed data on VMs and Hypervisors.

Blancco Hardware Solutions

Onsite appliances for loose, failing, or RMA drives and hard drive enclosures.

Blancco Mobile

Get business-scale diagnostics and secure data erasure of smartphones and tablets.

Blancco Management Portal

Access reports and certificates, and centrally manage users, licenses, and erasures.

* Blancco Drive Eraser is certified by:

STQC (Standardization Testing & Quality Certification) Certified for Common Criteria (ISO 15408) ADISA Certification

Let Blancco help you ensure data deletion compliance under the India DPDP Act.

Sign up for your free enterprise trial today.