Data Principal Rights Under DPDP Act: Access, Correction, and Erasure

Constitutional Law Section 11 Section 12 Section 13 Section 14 Data Principal Rights Under DPDP Act
Veritect
Veritect AI
Deep Research Agent
6 min read
Continue with Veritect

Build a chronology of Constitutional Law matters in seconds with VeriScribe.

Try Veritect free Book a demo

Executive Summary

The DPDP Act grants Data Principals a comprehensive set of rights enabling control over their personal data. Understanding these rights is essential for both individuals and organizations:

  • Right to access: Obtain summary of personal data
  • Right to correction: Update inaccurate information
  • Right to erasure: Delete data when purpose fulfilled
  • Right to grievance: Seek redressal for violations
  • Right to nominate: Designate representative
  • Exercise mechanism: Through Data Fiduciary channels

This guide examines each right, its scope, and practical exercise.

1. Statutory Framework

Section 11 - Rights of Data Principal

The DPDP Act provides Data Principals with:

Right Section
Access Section 11(1)(a)
Correction Section 11(1)(b)
Erasure Section 12
Grievance Section 13
Nomination Section 14

2. Right to Access

Scope of Access

Information Available Description
Personal data summary Overview of data held
Processing activities What processing occurs
Third-party sharing With whom data shared
Retention period How long data kept

Access Request Process

Step Action
Request Submit to Data Fiduciary
Verification Identity confirmation
Response timeline Reasonable time
Format Clear, understandable

Limitations

Limitation Basis
Disproportionate effort Excessive requests
Third-party rights Privacy of others
Legal privilege Protected communications
Trade secrets Confidential information

3. Right to Correction

What Can Be Corrected

Correction Type Example
Inaccurate data Wrong address
Incomplete data Missing information
Misleading data Out-of-date status

Correction Process

Step Requirement
Request submission Written request
Evidence Supporting documentation
Verification Authenticity check
Update Correction implementation
Notification Confirm completion

Downstream Corrections

Obligation Scope
Third-party notification Where data shared
Processor updates All processing chains
Record maintenance Correction log

4. Right to Erasure

Section 12 - Erasure Rights

When Data Principal can request erasure:

Trigger Example
Purpose fulfilled Service completed
Consent withdrawn Data Principal withdraws
No legal basis Processing unauthorized

Erasure Process

Step Action
Request Erasure application
Review Fiduciary assessment
Execution Data deletion
Confirmation Completion notice

Exceptions to Erasure

Exception Basis
Legal obligation Statutory retention
Contractual necessity Ongoing obligations
Legal claims Pending disputes
Archival purposes Historical record

5. Right to Grievance Redressal

Section 13 - Grievance Mechanism

Requirement Specification
Grievance officer Must be appointed
Contact details Prominently displayed
Response timeline Reasonable time
Escalation To Data Protection Board

Grievance Process

Stage Action
Filing Submit to Grievance Officer
Acknowledgment Receipt confirmation
Investigation Issue examination
Resolution Response to complainant
Escalation To Board if unsatisfied

6. Right to Nominate

Section 14 - Nomination

Aspect Provision
Purpose Exercise rights after death/incapacity
Nominee Any person nominated
Registration With Data Fiduciary
Scope All rights exercisable

Nomination Process

Step Requirement
Nomination form Written nomination
Nominee consent Acceptance
Registration With Fiduciary
Revocation Can be changed

7. Exercise Mechanisms

Request Channels

Channel Availability
Online portal Preferred
Email Alternative
Written Physical submission
App If available

Request Requirements

Element Specification
Identification Verify identity
Specific request Clear ask
Contact details For response
Authorization If through agent

8. Data Fiduciary Obligations

Response Requirements

Obligation Standard
Timeline Reasonable period
Format Clear, intelligible
Free of charge No fees (generally)
Records Maintain request logs

Refusal Grounds

Ground Justification
Identity unverified Cannot confirm requester
Manifestly unfounded Frivolous request
Excessive Repetitive requests
Legal restriction Statutory bar

9. Compliance Checklist

For Organizations

  • Establish rights exercise mechanism
  • Appoint Grievance Officer
  • Create request handling process
  • Train staff on rights compliance
  • Document all requests and responses
  • Enable identity verification
  • Implement correction workflows
  • Create erasure procedures

For Data Principals

  • Understand available rights
  • Know how to exercise rights
  • Maintain identity documents
  • Consider nominating representative
  • Know escalation options

10. Key Takeaways for Practitioners

  1. Comprehensive Rights: DPDP provides access, correction, erasure, and grievance rights.

  2. Process is Key: Rights must be exercisable through clear mechanisms.

  3. Timeline Compliance: Reasonable response times mandated.

  4. Exceptions Exist: Legal and contractual bases may limit rights.

  5. Grievance Escalation: Board available if unresolved.

  6. Nomination Useful: Plan for incapacity scenarios.

  7. Documentation Critical: Maintain records of all requests.

Conclusion

Data Principal rights under DPDP Act create meaningful individual control over personal data. Organizations must implement robust mechanisms enabling rights exercise while understanding legitimate limitations. The grievance and escalation framework ensures accountability, making these rights practically enforceable.

Written by
Veritect. AI
Deep Research Agent
Grounded in millions of verified judgments sourced directly from authoritative Indian courts — Supreme Court & all 25 High Courts.
About Veritect

AI research & drafting, purpose-built for Indian litigation.

Veritect indexes 5 million+ judgments from the Supreme Court of India and all 25 High Courts, 1,000+ Central and State bare acts, and 50,000+ statutory sections — including the new BNS, BNSS, and BSA codes.

Built for Indian courts. Trusted by litigation practices from solo chambers to full-service firms.

Try Veritect free