101

DPDP Act — India’s Data Protection Law What is the DPDP Act? The Digital Personal Data Protection Act (DPDP) is India’s comprehensive data protection legislation, enacted in 2023. It governs how personal data is collected, processed, and stored—protecting citizen privacy while enabling digital innovation. Key Definitions Personal Data Any information that can identify an individual Includes: Name, phone, email, biometrics, location Even online identifiers: IP addresses, cookies Data Fiduciary Organization: Determines purpose of processing Examples: Companies, apps, websites Obligations: Must protect data Data Principal Individual: Whose data is being processed Rights Holder: You have rights over your data Your Rights as a Citizen Data Rights Access: Get copy of your data held Correction: Fix inaccurate data Erasure: Request deletion (“right to be forgotten”) Portability: Transfer data to another service Grievance: File complaints How to Exercise Submit request to data fiduciary Must respond within specific timeline Can escalate to Data Protection Board Obligations for Businesses Consent Requirements Explicit Consent: Clear, specific permission Purpose Limitation: Only for stated reason Withdrawal: Must be as easy as giving consent Children’s Data: Parental consent required (<18) Data Fiduciary Duties Purpose Limitation: Process only for stated purpose Data Accuracy: Keep data accurate Security: Reasonable safeguards Breach Notification: Notify affected individuals + Board Data Retention: Delete when no longer needed Exemptions Government Exemptions National Security: For defense, security Legal Proceedings: Court cases Regulatory Functions: RBI, SEBI powers Other Exemptions Research: Anonymized data Employment: Employee records Emergency: Life-threatening situations Data Protection Board Structure Chairperson: Appointed by Central Government Members: 2-6 technical/financial experts Powers: Enforcement, penalties, appeals Functions Grievance Redressal: Handle complaints Compliance Audits: Check organizations Cross-Border Transfers: Approve agreements Penalties Minor Breach: ₹50,000 - ₹5 crore Serious Breach: ₹5 crore - ₹25 crore Repeated Breach: Up to ₹50 crore Key Differences from GDPR Aspect DPDP Act GDPR Consent Opt-in Opt-in Children <18 years <16 years Data Transfer Listed countries only Adequacy mechanism Regulator Board DPA Cross-Border Data Transfer Allowed Destinations White-listed Countries: As notified by Government Standard Contractual Clauses: Approved agreements Binding Corporate Rules: Intra-group policies India’s Position No explicit “adequacy” from EU yet Negotiations ongoing Data localization for some sectors Compliance Timeline Phased Implementation Phase 1: Key provisions (2024) Phase 2: All obligations (2025) Phase 3: Full enforcement Who Must Comply All Data Fiduciaries: Operating in India Digital Platforms: Apps, websites Government Bodies: Local and state Your Data Rights in Action Access Request Example 1 2 3 4 5 6 7 8 9 10 11 To: [Company Privacy Team] Subject: Data Access Request - [Your Name] I am requesting access to all personal data you hold about me, including: - Account information - Transaction history - Communication records - Any third parties with whom shared Please provide within 30 days as required by DPDP Act. Filing a Complaint Internal: First to the organization Board: If unresolved in 30 days Appellate Tribunal: Next level High Court: Final appeal Key Sectors Impacted Tech Companies Social Media: Must remove content on request E-Commerce: Consent for data usage Fintech: Aadhaar, KYC data protection Healthcare Hospital Records: Patient data protection Insurance: Medical history privacy Research: Anonymization requirements Government Aadhaar: UIDAI data handling Service Delivery: citizen data protection Surveillance: Checks and balances Best Practices for Citizens Protecting Your Data Minimize Sharing: Only provide necessary data Read Policies: Understand how data used Revoke Consent: When no longer needed Request Deletion: Periodically clean up Use Privacy Tools: VPN, ad blockers Red Flags Excessive Permissions: Apps asking too much No Opt-Out: Can’t withdraw consent Unclear Purpose: Why they need data unclear Prime References DPDP Act 2023 - Full text MeitY DPDP - Implementation Data Protection Board - Complaints This 101 guide is part of DPIWatch’s citizen education initiative. Last updated: March 2026. ...

eSign — Digital Signatures for All What is eSign? eSign is an online electronic signature service in India, legally recognized under the IT Act 2000. Unlike physical digital signature certificates, eSign is Aadhaar-based and can be obtained instantly—eliminating the need to visit certification authorities. How eSign Works Process Flow Document Upload: User uploads document needing signature Aadhaar Authentication: Identity verification via OTP/biometric Signing: Cryptographic signature applied to document Certificate Generation: Signed PDF returned Verification: Anyone can verify signature validity Technical Details Standard: X.509 certificate based Algorithm: RSA 2048-bit encryption Certificate Validity: Typically 1-2 years Legal Standing: Same as handwritten signature (Section 5, IT Act) Use Cases Personal Property Documents: Register property online Legal Agreements: Contracts, affidavits Government Services: Submit forms digitally Business MCA filings: Company incorporation, annual returns GST Returns: Signed tax submissions Bank Documents: Loan applications, agreements Employment Contracts: Remote hiring Government Digital Locker: Sign stored documents Aadhaar Services: Update requests Income Tax: ITR verification eSign Service Providers ###MCA-Authorized ...

MeitY — Ministry of Electronics & Information Technology What is MeitY? MeitY (Ministry of Electronics & Information Technology) is the central government ministry driving India’s digital transformation. Established in 2014 (from DeitY), it oversees the ₹1 lakh crore Digital India programme and all things tech in government. Key Responsibilities Policy & Regulation IT Laws: Information Technology Act, 2000 Software Policies: Electronics manufacturing, semiconductors Data Governance: DPDP Act implementation Cybersecurity: National CERT-In direction Digital India Programme BHIM: UPI app development DigiLocker: Document storage platform e-Governance: Government service digitization Startup India: Tech ecosystem support Major Initiatives Digital Infrastructure UMANG: Unified mobile app for government services API Setu: Open API platform GeM: Government e-Marketplace DIAL: Digital India Application Layer Digital Services e-Hospital: Online hospital management DigiShaale: Digital schools e-Pathshala: Educational resources Jan Dhan: Financial inclusion Regulatory Bodies Under MeitY CERT-In Function: Cybersecurity incident response Powers: Directions for reporting, compliance Reports: Vulnerability disclosures MeitY Bodies STQC: Standardization, Testing & Quality Certification NIELIT: Technical education C-DAC: R&D in emerging technologies Policy Framework Recent Regulations (2024) Data Protection: DPDP Act implementation Intermediary Rules: Social media compliance AI Guidelines: R&D framework Semiconductor Mission: $10B incentive scheme IT Act 2000 (Amended) Digital Signatures: Legal recognition Cyber Crimes: Offenses and penalties Intermediate Liability: Platform responsibility Aadhaar: Legal framework for UIDAI Budget & Spending Digital India Allocation 2024-25: ₹1.2 lakh crore 2023-24: ₹95,000 crore 2022-23: ₹78,000 crore Key Sectors Rural Broadband: BharatNet (₹60,000 crore) Skill Development: ₹3,000 crore Startups: ₹5,000 crore corpus Semiconductors: $10B over 6 years Impact on Citizens Services Access UMANG: 1700+ services DigiLocker: 6 billion+ documents BHAM: Healthcare integration Employment IT Exports: $200+ billion (2024) Direct Jobs: 5 million+ Startup Ecosystem: 100+ unicorns Grievance Redressal For Digital Services Digital India Portal: grievances digitalindia.gov.in CPGRAMS: For all government services MeitY Helpline: For technical issues For Data Protection DPDP Board: Data privacy complaints CERT-In: Cybercrime reporting Key Officials & Structure Leadership Cabinet Minister: Ministry of Electronics & IT Minister of State: Additional charge Secretary: Administrative head Departments DeitY: Electronics manufacturing MeITY: IT and services STQC: Quality certification Prime References MeitY Official - Main portal Digital India - Programme details UMANG - Mobile services DigiLocker - Document service This 101 guide is part of DPIWatch’s citizen education initiative. Last updated: March 2026. ...

NPCI — National Payments Corporation of India What is NPCI? NPCI is the umbrella organization for all retail payment systems in India. Founded in 2008 by RBI and Indian Banks’ Association, it operates UPI, RuPay, IMPS, and more—processing 15+ billion transactions monthly. NPCI’s Role Infrastructure Provider Payment Switch: Routes transactions between banks Settlement: End-of-day clearing and settlement Standards: Unified technical specifications Security: Centralized fraud monitoring Governance Ownership: Banks (51%), RBI (1%), NPCI (48%) Board: Scheduled rotation among promoter banks Oversight: RBI regulatory supervision NPCI Products Real-Time Payments UPI: 10+ billion monthly transactions UPI Lite: Offline micro-payments Credit on UPI: Credit line integration Other Systems IMPS: 24/7 interbank transfers RuPay: Domestic card network Bharat BillPay: Utility bill payments AePS: Banking correspondent services NACH: Bulk payment system RuPay Card Network What is RuPay? India’s domestic card network (launched 2012) competing with Visa/Mastercard. Over 900 million cards issued. ...

UPI — Unified Payments Interface What is UPI? UPI is India’s real-time payment system enabling instant fund transfers between bank accounts via mobile apps. Launched in 2016 by NPCI, it handles 10+ billion transactions monthly (2024), making it the world’s largest payment platform. How UPI Works Transaction Flow Sender Opens App: Selects UPI, enters recipient’s UPI/VPA Authenticates: Enters MPIN or uses biometrics Verification: Sender’s bank validates Processing: NPCI routes to receiver’s bank Confirmation: Instant SMS/notification to both Key Entities Payer PSP: Sender’s app (PhonePe, Paytm, GPay) Payee PSP: Receiver’s app NPCI: Central switch routing transactions Bank: Settlement participant UPI Features Payment Types P2P Transfer: Person to person P2M Transfer: Person to merchant (QR, UPI ID) Collect Request: Request money from someone Bill Payments: Via BBPS integration UPI Lite: Offline low-value payments (<₹500) Advanced Features UPI Autopay: Recurring payments (SIP, subscriptions) UPI International: Singapore, UAE, France, UK Credit on UPI: Credit line payments (new) Voice UPI: Voice commands for transfers Transaction Limits (2024) Transaction Type Limit Per Transaction ₹1,00,000 Daily Limit ₹2,00,000 (customizable) UPI Lite ₹500 per transaction PPI Wallet ₹10,000/month UPI Statistics (2024) Monthly Volume: 10+ billion transactions Monthly Value: ₹18+ lakh crore Registered Users: 400+ million Merchants: 50+ million Security Features Authentication MPIN: 4-6 digit secret PIN Biometrics: Fingerprint, face recognition Device Binding: Single device access Tokenization: Card data protection Fraud Prevention Handle Verification: Never pay to fake IDs Screen Share: Never share during payment Transaction Alerts: SMS + push notifications UPI Global Expansion Countries Live Singapore: GPay, liquid, NTUC UAE: LuLu, Wallets France: Bhim, indian banks UK: Zips How International UPI Works Link Indian bank account to international number Convert INR to local currency automatically Same UPI ID works abroad Common Issues & Solutions Failed Transactions Insufficient Balance: Add funds Bank Server Down: Try later Daily Limit Reached: Wait or increase limit Wrong UPI ID: Verify recipient Dispute Resolution Bank Level: 24-48 hours NPCI Level: For PSP disputes RBI Ombudsman: For unresolved issues Prime References NPCI UPI - Official documentation UPI Chalega - Government campaign RBI Payment Systems This 101 guide is part of DPIWatch’s citizen education initiative. Last updated: March 2026. ...