Data Security Compliance with the India Digital Personal
Data Protection Act
Thales can help organizations to protect sensitive data and to comply with a Data-centric Security approach.
The Indian Parliament passed the Digital Personal Data Protection (DPDP) Act, 2023 in August 2023. The DPDP Act is the first cross-sectoral law on personal data protection in India which is for the processing of digital personal data in a manner that recognizes both the right of individuals to protect their data and the need to process such personal data for lawful purposes and matters connected therewith or incidental thereto.
As one of the leaders in data security, Thales enables organizations to comply with DPDP Requirements by recommending the appropriate data security and identity management technologies.
Regulation Overview
India Digital Personal Data Protection Act protects digital personal data (that is, the data by which a person may be identified) by providing for the following:
Scope of the DPDP Act
The DPDP Act is ‘principles-based legislation’ that relies on concepts that are broadly similar to those in the GDPR. It governs data fiduciaries (i.e. data controllers), data processors and data principals (i.e. data subjects).
Highlights of the DPDP Act
Thales can help organizations to protect sensitive data and to comply with DPDP requirements with a Data-centric Security approach. Organizations can leverage Thales’ suite of identity and data security solutions to become compliant today and stay compliant in the future.
CipherTrust Platform unifies data discovery, classification, and protection and provides unprecedented granular access controls, all with centralized key management. You can rely on Thales CipherTrust Data Security Platform to discover, protect and control your organization's sensitive data, wherever it resides.
Discover: Data Discovery & Classification
The first step in protecting sensitive data is finding the data wherever it is in the organization, classifying it as sensitive, and typing it (e.g. PII, financial, IP, HHI, customer-confidential, etc.) so you can apply the most appropriate data protection techniques. It is also important to monitor and assess data regularly to ensure new data is not overlooked and your organization does not fall out of compliance. CipherTrust Data Discovery and Classification efficiently identifies structured as well as unstructured sensitive data on-premises and in the cloud.
Protect Data-at-Rest
Protect:
Once an organization knows where its sensitive data is, protective measures such as encryption or tokenization can be applied. For encryption and tokenization to successfully secure sensitive data, the cryptographic keys themselves must be secured, managed and controlled by the organization.
Control:
Organizations need to control access to their data and centralize key management. Every data security regulation and mandate require organizations to be able to monitor, detect, control, and report on authorized and unauthorized access to data and encryption keys. The CipherTrust Data Security (CDSP) Platform allows administrators to create a strong separation of duties between privileged administrators and data owners as well as to enforce very granular, least-privileged-user access management policies. CDSP delivers robust enterprise key management via CipherTrust Cloud Key Manager across multiple cloud service providers (CSP) and hybrid cloud environments to centrally manage encryption keys and configure security policies so organizations can control and protect sensitive data in the cloud, on-premise and across hybrid environments.
Protect Data-in-Motion/ Transit
Thales High Speed Encryptors (HSE) provide network-independent, data-in motion encryption (layers 2, 3, and 4) ensuring data is secure as it moves from site-to site, or from on-premises to the cloud and back.
Thales OneWelcome identity & access management solutions provide both the security mechanisms and reporting capabilities organizations need to comply with DPDP requirements. Our solutions protect sensitive data by enforcing the appropriate access controls when users log into applications that store sensitive data. By supporting a broad range of authentication methods and policy-driven role-based access, our solutions help enterprises mitigate the risk of a data breach due to compromised or stolen credentials or through insider credential abuse.
The Indian Parliament passed the Digital Personal Data Protection (DPDP) Act, 2023 in August 2023. The DPDP Act will replace Section 43A of the Information Technology Act, 2000 (“IT Act”) and the Information Technology (Reasonable Security Practices and Procedures and...
This ebook shows how Thales data security solutions enable you to meet global compliance and data privacy requirements including - GDPR, Schrems II, PCI-DSS and data breach notification laws.
Traditionally organizations have focused IT security primarily on perimeter defense, building walls to block external threats from entering the network. However, with today’s proliferation of data, evolving global and regional privacy regulations, growth of cloud adoption, and...
Perhaps the most comprehensive data privacy standard to date, GDPR affects any organization that processes the personal data of EU citizens - regardless of where the organization is headquartered.
Any organization that plays a role in processing credit and debit card payments must comply with the strict PCI DSS compliance requirements for the processing, storage and transmission of account data.
Data breach notification requirements following loss of personal information have been enacted by nations around the globe. They vary by jurisdiction but almost universally include a “safe harbor” clause.