Master the fundamental rights granted to individuals under Chapter III of DPDPA 2023 — from access and correction to grievance redressal and nomination, with practical implementation strategies.
Rights and Duties of Data Principal (Sections 11-15)
Rule 13: Rights implementation, response timelines, publishing requirements
Article 21: Right to Privacy as fundamental right (Puttaswamy, 2017)
Up to ₹200 Crore for non-compliance with rights requests
The right of an individual to exercise control over his personal data and to be able to control his/her own life would also encompass his right to control his existence on the Internet.
K.S. Puttaswamy v. Union of India, (2017) 10 SCC 1
Case C-131/12 (CJEU, 2014) — The "Right to be Forgotten" Case
The European Court of Justice established that individuals have the right to request removal of personal data from search engine results when the information is inadequate, irrelevant, or no longer relevant. This landmark ruling influenced India's inclusion of the erasure right under Section 12(3) of DPDPA. The court balanced individual privacy rights against public interest in access to information — a balancing test now embedded in India's framework.
What you'll master in this module
Understand data access requests, information disclosure requirements, and response mechanisms
Master data rectification procedures and the conditions for lawful data deletion
Design compliant grievance mechanisms and understand the exhaustion requirement
Implement nomination systems for death or incapacity scenarios
Understand the reciprocal obligations placed on data principals
Design rights management systems with templates and workflows
5 comprehensive lessons covering all Data Principal rights
Learn how data principals can obtain summaries of their personal data, understand processing activities, and identify all entities with whom their data has been shared.
Master the correction, completion, and updating obligations, plus understand when erasure is mandatory and when retention exceptions apply under law.
Design compliant grievance mechanisms, understand response obligations, and learn the mandatory exhaustion requirement before approaching the Board.
Understand nomination rights for death and incapacity scenarios, implement nomination mechanisms, and handle posthumous data management complexities.
Learn the reciprocal duties imposed on data principals — from compliance obligations to prohibitions against impersonation, false information, and frivolous complaints.
Test your understanding of Data Principal rights with scenario-based questions covering all five sections.