📄 Article
✓ Link checked
India
Free
Beginner
Why we picked it
DSCI is India's industry body on data security (a NASSCOM initiative), so this is about as close to a canonical plain-language reading of the Act as you get without a lawyer. Three pages, no jargon wall: it lays out who counts as a data fiduciary, the consent and notice rules, the data principal's rights (access, correction, deletion), and breach duties. Read this before you read any blog's interpretation, so you can tell which ones are getting it right.
From
Data Security Council of India
by Data Security Council of India (DSCI)
10 min read
- The Act triggers the moment you process digital personal data, and it defines you (the collector) as the data fiduciary carrying the obligations
- Consent has to be free, specific, informed, and unambiguous through a clear affirmative act, which kills the pre-ticked box
- Data principals get enforceable rights to access, correct, and erase their data, plus grievance redressal, so your app needs to actually support deletion
Open
dsci.in →
📄 Article
✓ Link checked
India
Free
Beginner
Why we picked it
This is the founder-facing counterpart to the DSCI summary: instead of restating the law, it turns it into an 8-step implementation roadmap for a small team, from writing a real notice to enabling deletion to logging breaches. It is honest that founders can be personally liable and that penalties run into hundreds of crores, but it also says the security safeguards need not be expensive for a small team, which is the practical read you want before you over-engineer.
From
Corrida Legal
by Corrida Legal
15 min read
- Non-compliance is not just a fine: in some cases founders carry personal liability, so this is not a task you can indefinitely defer
- Users need genuine, user-friendly ways to exercise access, correction, erasure, and consent withdrawal, which is a product requirement, not a legal footnote
- A Data Protection Officer in India is only mandatory once you are classed a Significant Data Fiduciary (by data volume and sensitivity), so most early startups do not need one yet
Open
corridalegal.com →