Skip to main content

Q3 - Do SDFs have to appoint their Data Protection Officer (DPO) in India, even if they are a multinational company headquartered elsewhere?

Answer

Yes.

  • The DPO of a Significant Data Fiduciary must be based in India.
  • The DPO must serve as the single point of contact for the Data Protection Board and for Data Principals.
Example

A U.S.-based social media platform with millions of Indian users cannot rely on its global privacy officer in California.

It must appoint a DPO located in India to handle grievances and compliance matters locally.