Launch of New 38 Company Forms on MCA V3 Portal from July 14, 2025
Ministry of Corporate Affairs (MCA) is set to complete its transition from V2 to V3 of the MCA21 portal with the final rollout of 38 company e-forms.
Appropriate Provision in the Contract Between Data Fiduciary and Data Processor for Taking Reasonable Security Safeguards
When a Data Fiduciary engages a Data Processor, the contractual agreement must clearly define security responsibilities and expectations to ensure lawful and secure processing of personal data.
Reasonable Measures for Continued Processing During Data Compromise
When a compromise such as data breach, system failure, cyberattack, or natural disaster occurs, companies (Data Fiduciaries or Processors) must take proactive and reactive steps to ensure business continuity and the availability of personal data.
Appropriate Measures to Control Access to Computer Resources
Controlling access to computer resources is critical to preventing unauthorized access to personal data.
Appropriate Data Security Measures Under Rule 6(a)
To comply with the obligation to implement reasonable security safeguards, companies should adopt a combination of technical and organizational measures. Below is a detailed list:
Suggested Template to publish Business Information of Data Protection Officer (DPO)
In accordance with the Digital Personal Data Protection Act, 2023, the following details are published for the Data Protection Officer (DPO) designated by [Company Name] to oversee data protection compliance and handle grievances related to personal data processing.
Suggested Mechanism to Redress Grievances of Data Principal
To effectively redress grievances of Data Principals under the Digital Personal Data Protection Act, 2023 (DPDP Act), a company should implement a clear, accessible, and time-bound grievance redressal mechanism. Below are practical, compliant, and user-friendly mechanisms:
Additional obligations of Significant Data Fiduciary
This provision outlines additional obligations imposed on a Significant Data Fiduciary (SDF)—a category of Data Fiduciary that handles large volumes of sensitive personal data or has a high impact on national or public interest.
Rule 10: Verifiable consent for processing of Personal Data of a Child
This clause outlines the obligations of a Data Fiduciary (an entity that determines the purpose and means of processing personal data) with respect to obtaining verifiable consent before processing the personal data of children or persons with disabilities who have a lawful guardian, under the applicable data protection framework in India.
Compliance Under Rule 7 – Intimation of Personal Data Breach
On becoming aware of any personal data breach, the Data Fiduciary shall, without delay and to the best of its knowledge, inform each affected Data Principal in a concise, clear, and plain manner