Skip to main content

Q2 - How does the law apply to NGOs, schools, and hospitals that are not-for-profit but still collect personal data?

Answer
  • DPDPA applies to all entities, whether for-profit or non-profit, if they process personal data digitally.
  • NGOs, schools, and hospitals are Data Fiduciaries when they handle data like student records, donor details, or patient information.
Example
  • A school collecting student Aadhaar numbers for exam registration must provide parents with notices and grievance contacts.
  • An NGO collecting phone numbers of beneficiaries for a government welfare program must also ensure lawful processing.
  • A hospital trust running a charitable clinic must secure patient medical records under the same safeguards as private hospitals.