DPDP glossary

What is Data Fiduciary?

A Data Fiduciary is any person or organisation that decides why and how personal data is processed under India's Digital Personal Data Protection Act, 2023. If you collect user, customer, or employee data and set the purpose, you are likely the Data Fiduciary—not your vendor.

Key requirements

• Publish a clear, itemised privacy notice before or when collecting data
• Obtain valid consent (or rely on a permitted lawful ground) for each purpose
• Implement reasonable security safeguards under Section 8(4)
• Notify the DPBI and affected individuals of personal data breaches
• Respond to Data Principal rights requests within prescribed timelines

Related resources

• DPDP founders guide
• Consent & notice software