Key Compliances under Indian Computer Emergency Response Team (CERT-In) Directions, 2022

The Indian Computer Emergency Response Team (CERT-In) Directions, 2022 were issued under the Information Technology Act, 2000 to strengthen cybersecurity and incident response mechanisms in India.

Key Compliances under Information Technology (IT) Act, 2000

The Information Technology Act, 2000 was enacted by the Government of India to grant legal recognition to electronic records, digital signatures, and online transactions in order to facilitate e-commerce and digital governance. It emerged from the need to align with global practices such as the UNCITRAL Model Law on Electronic Commerce and to support India’s growing digital economy.

Key Compliances under Digital Personal Data Protection Act, 2023

The DPDP Act was introduced following the Supreme Court’s 2017 ruling that recognized the right to privacy as a fundamental right. This decision highlighted the need for robust data protection laws in India.

Rule 6 — Reasonable Security Safeguards under the DPDP Rules

Security of personal data is one of the most critical obligations under the Digital Personal Data Protection (DPDP) Act, 2023.

Registration and Obligations of Consent Managers under the Digital Personal Data Protection Framework

The Digital Personal Data Protection (DPDP) regime in India establishes a structured mechanism for enabling Data Principals to exercise meaningful control over their personal data.

Rule 3 — Notice by Data Fiduciary under the DPDP Act, 2023

Under the Digital Personal Data Protection (DPDP) Act, 2023, the foundational principle governing the processing of personal data is informed and specific consent.

Obligations of Data Fiduciary upon Becoming Aware of a Personal Data Breach

The Digital Personal Data Protection (DPDP) Act and its accompanying Rules impose stringent obligations on Data Fiduciaries once they become aware of a personal data breach.

Key Provisions of General Data Protection Regulation (GDPR)

General Data Protection Regulation (EU) 2016/679 (GDPR) is a comprehensive regulation adopted by the European Union to govern the collection, processing, and protection of personal data of individuals within the EU and European Economic Area (EEA).

Record-Keeping and Subscriber Information Requirements for Data Centres, VPS, Cloud, and VPN Service Providers

All Data Centres, Virtual Private Server (VPS) providers, Cloud Service providers, and Virtual Private Network (VPN) service providers are mandated to maintain accurate and up-to-date records of their subscribers/customers. These records must be preserved for a minimum period of five (5) years or longer as required by applicable law, even after the cancellation or withdrawal of the subscriber’s registration.

Record-Keeping and Cybersecurity Obligations for Virtual Asset Service Providers

Virtual Asset Service Providers, Virtual Asset Exchange Providers, and Custodian Wallet Providers (as defined by the Ministry of Finance from time to time) are required to maintain all information obtained through Know Your Customer (KYC) processes, as well as comprehensive records of all financial transactions, for a minimum period of five (5) years.