Practice Area
Data Protection
Overview
India’s Digital Personal Data Protection Act, 2023 establishes a comprehensive framework for the processing of digital personal data — imposing obligations on Data Fiduciaries regarding consent, purpose limitation, data accuracy, security safeguards, and data principal rights. With penalties reaching INR 250 crore per instance for specified violations, compliance is no longer a back-office function but a board-level risk management priority. Corpus Lawyers advises businesses on DPDP Act compliance, privacy programme design, and data-related regulatory and contractual matters.
DPDP Act Compliance Programme
End-to-end advisory on compliance with the Digital Personal Data Protection Act, 2023 — covering data mapping and classification, consent management framework design, privacy notice drafting, data principal rights mechanisms, and Significant Data Fiduciary obligations.
Privacy Policy and Notice Drafting
Drafting of privacy notices, consent forms, and data processing disclosures that comply with the DPDP Act’s requirements for clear and accessible communication — covering purpose specification, data categories collected, retention periods, and rights of data principals.
Data Processing Agreements
Drafting and negotiation of data processing agreements and data protection addenda between Data Fiduciaries and Data Processors, covering scope of processing, sub-processor management, security obligations, breach notification procedures, and liability allocation.
Cross-Border Data Transfer Advisory
Advisory on cross-border transfer of personal data under the DPDP Act’s provisions and any notified transfer frameworks — covering structural requirements for international data transfers and assessment of data protection standards in receiving jurisdictions.
Data Breach Response
Advisory on data breach management and notification obligations under the DPDP Act — including breach assessment, notification to the Data Protection Board of India, communication to affected data principals, and documentation of breach response actions.
Data Protection in M&A Transactions
Data protection due diligence in M&A transactions, covering assessment of the target’s compliance posture, identification of data protection liabilities, and structuring of representations, warranties, and indemnities relating to data protection in acquisition documentation.
For legal matters in this practice area, contact us at the details below. This page contains general information only and does not constitute legal advice.