India’s new data protection act, DPDPA, is coming — Is your business ready?

India’s new Digital Personal Data Protection Act (DPDPA) is due to come into force in 2024. The DPDPA intends to safeguard the privacy of Indian citizens by establishing a robust framework for data collection, use, and sharing.

The Act, which was passed into law by the Government of India in August 2023, introduces a host of stringent guidelines that businesses operating in or serving the Indian market must adhere to when handling personal data.

Who does the DPDPA apply to, and what does it cover?

The Act applies to all public and private organizations that handle Indian personal data. This includes businesses operating in India and those outside of the country who use such data, for example, to market or sell to Indian customers.

Unlike the EU’s General Data Protection Regulation (GDPR), which applies to all personal data whether it is digitized or not, the DPDPA only applies to personal data that is in digital form or is digitized after its collection.

What are the key principles outlined in DPDPA for data handling?

The key principles for data handling outlined in the new DPDPA include obtaining explicit consent, limiting data to specific purposes, ensuring data accuracy, implementing robust security measures to prevent unauthorized access, and promoting transparency and accountability in data practices.

Penalties and fines for non-compliance will be imposed in the case of a breach. 

If your organization is affected by the DPDPA, the journey towards compliance offers you a valuable opportunity to review your overall security posture and address any security gaps that could be leave data vulnerable to attack, damage or loss.

Barracuda can help. Our security solutions can support you in achieving, maintaining, and documenting your DPDPA compliance, while strengthening your security environment.  

Meeting the demands of DPDPA with Barracuda

Barracuda provides a comprehensive, integrated set of data protection, retention, and recovery solutions that will safeguard data throughout its lifecycle, from collection and dissemination, all the way to archiving and storage.

1.    Safeguarding your data

The DPDPA expects companies handling Indian data to have robust security measures in place. Barracuda’s email protection, network security, and application protection will enhance data protection, mitigate threats, and ensure secure access to personal data. For example:

• Email protection : Barracuda Email Protection offers email gateway and AI-powered defenses to safeguard data against phishing, ransomware, email impersonation, and other threats, securing not just mailboxes, but also data and users, and encrypting emails to keep their content secure and prevent unauthorized access.
  
• Network security: Ransomware and zero-day attacks require sophisticated defenses that balance detection and response. Barracuda CloudGen Firewall and SecureEdge support DPDPA compliance by ensuring real-time network protection against threats such as SQL injections, cross-site scripting, and DDoS attacks, while controlling access, inspecting security, and enforcing policy across cloud, branch, and device.
  
• Application protection: Barracuda Application Protection combines full Web Application and API Protection (WAAP) functionality with a complete set of advanced security services and solutions that protect your applications against today’s multiplying threats, whether deployed on-premises, in the cloud, or hybrid.
  
• Detection, response, and breach notification: Barracuda Managed XDR is an open extended detection and response (XDR) solution combining sophisticated technologies with a team of security analysts in our Security Operations Center (SOC). This powers quicker threat detection and remediation, as well as compliance with DPDPA breach notification requirements.
  

2.    Data retention and documentation

Barracuda helps organizations comply with the DPDPA’s data retention, documentation, and retrieval requirements by securely storing and managing personal data, including:

• Essential data backup: Backups enable data recovery, risk mitigation, and business continuity, and facilitate audits and legal compliance. Barracuda Backup and Cloud-to-Cloud Backup provide secure, automated, and user-friendly backup solutions for both cloud and physical environments, ensuring reliable data recovery, integrity, and compliance while minimizing human error and downtime.
  
• Data retention, compliance, and e-discovery: Providing secure storage, retention, and easy retrieval of emails via its secure archiving, Barracuda Message Archiver ensures a tamper-proof repository for email data and meets DPDPA data retention requirements,.
  

To learn more about how Barracuda can help you effectively manage personal data in accordance with DPDPA guidelines, don’t miss our webinar: The importance of data privacy and protection in India. Save your seat now.