Grievance Redressal Mechanism and Data Protection Officer under the DPDPA, 2023

Recognizing the need to protect privacy rights of the individuals (“Data Principal”), the Digital Personal Data Protection Act, 2023 (DPDPA) provides the Data Principals with the following rights: (i) right to obtain information on personal data processing by the Data Fiduciary; (ii) right to correct, update or erase her personal data; (iii) right to nominate someone else in the event of her death or incapacity to exercise her rights; and (iv) right to withdraw consent.

Besides the rights, the Data Principals may also have other grievances related to Data Fiduciary’s performance of its obligations under the DPDPA.

DPDPA, in consideration of the above purposes, mandates the establishment of a mechanism by a Data Fiduciary to redress the grievances of Data Principals and to enable them to exercise their rights.

Whether the Data Protection Officer (DPO) can be the go-to person for the grievance redressal mechanism, or should there be a separate grievance officer? Where the Data Fiduciary is a significant data fiduciary under the DPDPA, the Data Protection Officer should be the point of contact for the grievance redressal mechanism.

In case of non-significant data fiduciary, there would be no obligation for the Data Fiduciary to appoint a DPO, which negates the need to have the DPO as the point of contact for grievance redressal mechanism.

That said, in lieu of the DPO, DPDPA requires such data fiduciary to publish the contact details of the person who can (i) communicate with the Data Principals to assist with their rights; and (ii) handle the queries of Data Principals on processing of their personal data by Data Fiduciary and assist with the rights under the DPDPA (Privacy Officer).

DPDPA clarifies that DPO should be based in India as a representative of a significant data fiduciary and be an individual responsible to its Board of Directors or similar governing body. DPDPA, however, does not specify similar requirements for a Privacy Officer.


Similar Articles

Contact us for a Solution

Contact us for more information about our services and how we can help


As per the rules of the Bar Council of India, we are not permitted to advertise or solicit work. By accessing and browsing through this website, all users agree and acknowledge that the content of this website is for informational purposes only and that there has been no form of solicitation, advertisement or inducement by NovoJuris Legal or its members, in any form. No information provided on this website should be construed as legal advice and NovoJuris Legal shall not be liable for consequences of any action taken by relying on the information provided on this website.