Q4 - How does DPDPA interact with existing Indian laws (IT Act, RBI, IRDAI, SEBI, etc.)?

Answer

DPDPA is a horizontal law — it applies to all sectors, while sector regulators continue to enforce vertical laws.

  • IT Act, 2000: Covers cybercrime and certain security practices. DPDPA specifically governs privacy and data protection, and both will coexist.
  • RBI Regulations: Banks must already follow RBI’s cybersecurity and customer protection rules. DPDPA adds individual rights (access, correction, erasure) on top of those obligations.
  • IRDAI (insurance), SEBI (securities), TRAI (telecom): These regulators already prescribe sector-specific compliance. DPDPA is an umbrella layer ensuring that across all sectors, privacy rights are uniformly protected.

Example

If an insurance company mishandles health data:

  • IRDAI may act for violating insurance regulations.
  • The Data Protection Board may impose penalties under DPDPA for violating privacy rights.

Companies must comply with both sectoral rules and DPDPA, not one or the other.