Data Principal Rights
The Data Principal Rights Module (DPRM) empowers individuals to exercise their rights under the Digital Personal Data Protection Act (DPDPA), 2023 while enabling the Consent Management Platform (CMP) privacy team to review, act, and track these requests for compliance and accountability.
1. Objectives
- Provide a self-service interface for Data Principals to exercise their rights.
- Support Section 11 (Right to Information, Correction, Erasure) and Section 12 (Right to Grievance Redressal) of DPDPA.
- Allow CMP privacy teams to manage, validate, and fulfill requests within statutory timelines.
- Maintain audit-ready logs of requests and actions taken.
2. Rights Under DPDPA Covered
| Section | Right | Description |
|---|---|---|
| Section 11(1) | Right to Information | Know what data is processed, purpose, recipients, and how to exercise rights. |
| Section 11(2) | Right to Correction and Erasure | Request correction of inaccurate data and erasure of data no longer necessary or consent withdrawn. |
| Section 12 | Right to Grievance Redressal | Raise complaints about data processing or non-compliance with the Act. |
3. Core Features
| Feature | Description |
|---|---|
| Rights Dashboard | Data Principals can view, submit, and track their rights requests. |
| Request Categories | Access, Correction, Erasure, Nomination, Grievance. |
| Secure Submission | Requests submitted through authenticated sessions or tokenized links. |
| Internal Review Console | CMP privacy team dashboard to validate and fulfill requests. |
| SLA Tracking | Monitor statutory deadlines for responding to Data Principals. |
| Notifications | Inform Data Principals at each stage of their request lifecycle. |
| Audit Logs | Immutable record of each request and corresponding action. |
| Integration APIs | Allow DFs/DPs to receive and act on requests directly from CMP. |
4. Workflow
4.1 Data Principal Side
- Submit Request – Access via CMP dashboard or Data Fiduciary portal.
- Authenticate – Verify identity using OTP, password, or digital signature.
- Select Right – Choose from Access, Correction, Erasure, Nomination, or Grievance.
- Provide Details – Add necessary context (data element, purpose, supporting docs).
- Track Progress – Receive updates on status and final outcome.
4.2 CMP Privacy Team Side
- Review Request – Validate identity and scope.
- Coordinate – Forward request to relevant Data Fiduciary/Data Processor systems.
- Fulfill Request – Provide data, correct errors, erase data, or acknowledge grievance.
- Notify Outcome – Communicate resolution to the Data Principal.
- Report – Log outcome and maintain records for DPBI inspection.