The following definitions cover terms, both technical and legal, used in the Act and the Rules.
S.No. | Term | One-Line Definition |
1 | Encryption | Converting personal data into unreadable form using mathematical algorithms so only authorised parties can read it. |
2 | Obfuscation | Making personal data unintelligible or unclear to prevent unauthorised understanding. |
3 | Masking | Hiding parts of personal data so only limited portions are visible for authorised use. |
4 | Tokenisation / Virtual Token | Replacing personal data with a unique token mapped to the original data so verification is possible without revealing the actual data. |
5 | Virtual Token (for identity/age) | A privacy-preserving digital token issued by an authorised entity that confirms identity/age without sharing actual documents. |
6 | Authorised Entity | An entity legally empowered by the Government or law to issue verified identity/age details or virtual tokens. |
7 | Digital Locker Service Provider | A notified intermediary that stores and provides verified documents or identity details for authentication. |
8 | Computer Resource | Any computer, system, device, software, or network as defined under the IT Act, relied on for storing or processing data. |
9 | User Account | Any online account, profile, handle, or identifier through which a Data Principal accesses a Data Fiduciary’s services. |
10 | Verifiable Consent | Consent that the Data Fiduciary can reliably confirm as originating from the authorised individual (e.g., parent/guardian). |
11 | Consent Manager | A registered entity that enables Data Principals to give, manage, review, or withdraw consent through an interoperable platform. |
12 | Intermediary | An entity that stores, transmits, or provides access to data on behalf of another person (as defined in the IT Act). |
13 | Data Processor | A person who processes personal data on behalf of a Data Fiduciary. |
14 | Security Safeguards | Technical and organisational measures (e.g., encryption, logging, access controls) to prevent personal data breaches. |
15 | Traffic Data | Logs and metadata associated with the processing activity, retained for audit and breach-related purposes. |
16 | Techno-Legal Measures | Digital, procedural, and legal mechanisms enabling fully online functioning of the Board or Tribunal. |
17 | Personal Data Breach | Any unauthorised processing, disclosure, alteration, loss, or access to personal data. |
18 | Specified Purpose | The purpose for which personal data is collected, stated in the notice given to the Data Principal. |
19 | Data Fiduciary | Any person who determines the purpose and means of processing personal data. |
20 | Significant Data Fiduciary (SDF) | A Data Fiduciary designated by the Government based on volume, sensitivity, or risk factors. |
21 | Data Principal | The individual to whom the personal data relates. |
22 | Processing | Any operation performed on personal data, including collection, storage, use, sharing, or erasure. |
23 | Erasure | Permanent deletion of personal data once purpose is met or on request unless law requires retention. |
24 | Retention | Keeping personal data for the period required for the specified purpose or as mandated by law. |
25 | Breach Notification | The mandatory intimation sent to the Data Principal and the Board when a personal data breach occurs. |
26 | Accessibility Logs | Logs tracking who accessed personal data and when, used to detect unauthorised access. |
27 | Data-Backups | Replicated copies of personal data required for continuity during loss or compromise. |
28 | Digital Office | A fully virtual workspace enabling digital handling of filings, hearings, and adjudication. |
29 | Appellate Tribunal (TDSAT) | The tribunal designated under the DPDP Act to hear appeals against Board decisions. |