Skip to main content

Q1 - What is the difference between a Data Fiduciary and a Data Processor?

A Data Fiduciary is the entity that decides why and how personal data will be processed. It holds the main responsibility under DPDPA because it determines the purpose of data use.

A Data Processor is an entity that processes personal data on behalf of a Data Fiduciary, without deciding the purpose.

Example

ABC Insurance Ltd. collects policyholder data to issue health policies. It is the Data Fiduciary because it decides what data to collect and why.

The company outsources claims processing to XYZ BPO Services. XYZ only handles the data as instructed — verifying medical bills, entering claim details, and updating records. XYZ is a Data Processor, because it has no say in why the data was collected or how it will be used.