Assessing India’s Digital Personal Data Protection Act, 2023: A Comparative Study With The GDPR

Vaibhav Dharod, DY Patil University, School of Law

Kevin Tauro, DY Patil University, School of Law

ABSTRACT

With the increasing digitization of personal data, the need for comprehensive data protection laws has become paramount. The General Data Protection Regulation (GDPR) of the European Union is considered the global benchmark for data privacy and security. In response to similar concerns, India has introduced the Digital Personal Data Protection (DPDP) Act, 2023, aiming to regulate personal data collection, processing, and protection.

This paper explores the necessity of data protection, key threats to personal data, and the principles of an effective data protection framework. It then provides an overview of India’s DPDP Act, 2023, tracing its evolution, key provisions, and intended impact. A core focus of this study is the comparative analysis between India’s DPDP Act and GDPR, highlighting areas of alignment, significant differences, and potential gaps.

The research critically examines whether India’s DPDP Act meets the standards set by GDPR and whether it offers adequate safeguards against cyber threats, data breaches, and misuse of personal information. By identifying key challenges and regulatory shortcomings, this paper aims to contribute to the ongoing discourse on India’s evolving data protection regime and its effectiveness in the global digital landscape.