{"id":1875,"date":"2024-05-25T05:45:38","date_gmt":"2024-05-25T05:45:38","guid":{"rendered":"https:\/\/lawsikho.com\/blog\/?p=1875"},"modified":"2024-05-25T05:45:39","modified_gmt":"2024-05-25T05:45:39","slug":"how-to-handle-cross-border-transactions-under-the-digital-personal-data-protection-act-dpdpa","status":"publish","type":"post","link":"https:\/\/lawsikho-frontend-development.lawsikho.dev\/blog\/how-to-handle-cross-border-transactions-under-the-digital-personal-data-protection-act-dpdpa\/","title":{"rendered":"How to handle cross-border transactions under the Digital Personal Data Protection Act (DPDPA)"},"content":{"rendered":"\n<p>Ever wondered why your online shopping preferences seem to influence ads from companies halfway across the globe?<\/p>\n\n\n\n<p>Or how your Instagram stories, posts, and comments magically show up for your friends and family, no matter where they are?<\/p>\n\n\n\n<p>This fascinating phenomenon is the result of personal data travelling across borders in our interconnected world.<\/p>\n\n\n\n<p>Think about the convenience of cloud storage, where you can access your documents and photos from any device, anywhere in the world.&nbsp;<\/p>\n\n\n\n<p>Or&nbsp;<\/p>\n\n\n\n<p>Those eerily accurate streaming service recommendations\u2014they know your next favourite show before you do, all by analyzing the viewing habits of millions of users globally.<\/p>\n\n\n\n<p>Every time you make an online purchase, book a flight, or use a GPS service, your data is sent across borders to facilitate these transactions and services.&nbsp;<\/p>\n\n\n\n<p>Did you know that in <a href=\"https:\/\/www.seagate.com\/files\/www-content\/our-story\/trends\/files\/Seagate-WP-DataAge2025-March-2017.pdf\" target=\"_blank\" rel=\"noopener\">2022 alone, over 97 zettabytes<\/a> of data were created, captured, copied, and consumed worldwide?&nbsp;<\/p>\n\n\n\n<p>Additionally, the global data sphere is expected to grow to <a href=\"https:\/\/www.forbes.com\/sites\/tomcoughlin\/2018\/11\/27\/175-zettabytes-by-2025\/?sh=4439e3f35459\" target=\"_blank\" rel=\"noopener\">175 zettabytes by 2025<\/a>!<\/p>\n\n\n\n<p>This massive exchange of information not only makes our lives easier but also fuels innovation, allowing companies to offer super personalized and efficient services.&nbsp;<\/p>\n\n\n\n<p><strong>But wait\u2014how do we know that all this personal data flying around is safe and secure?<\/strong><\/p>\n\n\n\n<p>That\u2019s where data protection laws come in to save the day.<\/p>\n\n\n\n<p>And this is where your role steps in as a privacy manager. If your Indian company is engaged in the exchange of data across borders, you need to make sure it happens hassle-free and doesn&#8217;t call for any scrutiny or violations of the DPDPA\u2014the Indian law that acts as a guardian for transfers beyond Indian borders.<\/p>\n\n\n\n<p>So let\u2019s explore the intricacies of managing international data transfers and drafting Data Sharing Agreements (DSAs) to ensure compliance with the DPDPA.&nbsp;<\/p>\n\n\n\n<p><strong>What are Cross-border Data Transfers under DPDPA&nbsp;<\/strong><\/p>\n\n\n\n<p>DPDPA is designed to ensure that personal data remains protected, even when it crosses borders.<\/p>\n\n\n\n<p>To transfer data internationally, businesses must comply with two conditions.&nbsp;<\/p>\n\n\n\n<p>Firstly, the DPDPA takes a negative list approach. <strong>As per Section 16 of the Act<\/strong>, transfers of personal data to countries and territories outside of India are generally permitted, except to countries and territories specifically notified in a \u201cnegative list\u201d issued by the central government.&nbsp;<\/p>\n\n\n\n<p>You also need a lawful basis to transfer personal data outside. Businesses must generally ensure that they are undertaking the transfer for a lawful purpose, as specified in Section 4 of the Act, and on the basis of valid grounds for processing \u2013 that is, either consent or certain \u201clegitimate uses\u201d.&nbsp;<\/p>\n\n\n\n<p><strong>Importance of Data Sharing Agreements under DPDPA&nbsp;<\/strong><\/p>\n\n\n\n<p>Under DPDPA, if you want to share Personal Data, as a data fiduciary, you need to enter into an Agreement with entities that you wish to engage, appoint, use, or otherwise involve as a Data Processor to process personal data.&nbsp;<\/p>\n\n\n\n<p><strong>This is where DSAs become Important.&nbsp;<\/strong><\/p>\n\n\n\n<p>DSAs are typically used when businesses need to share data with each other in order to collaborate on projects, provide services to customers, or improve their products and services.&nbsp;<\/p>\n\n\n\n<p><strong>Here are some situations under which companies would need to enter into DSAs under the DPDPA:&nbsp;<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A business that uses a cloud computing service to store customer data needs to enter into a DSA with the cloud computing provider.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A business that uses a third-party data analytics company to analyze customer data needs to enter into a DSA with the data analytics company.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A business that partners with another business to jointly market or sell products or services needs to enter into a DSA with the partner business.<\/li>\n<\/ul>\n\n\n\n<p>Did you find this interesting?<\/p>\n\n\n\n<p>Want to learn more about Data Sharing Agreements?<\/p>\n\n\n\n<p>Our expert, Pooja Luktuke, has created this video in which she discusses the key elements of a Data Sharing Agreement. She will also use advanced AI tools to draft a Data Sharing Agreement.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ever wondered why your online shopping preferences seem to influence ads from companies halfway across the globe? Or how your Instagram stories, posts, and comments magically show up for your&hellip;<\/p>\n","protected":false},"author":8,"featured_media":1876,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[13,11],"tags":[],"class_list":["post-1875","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-careers","category-featured"],"_links":{"self":[{"href":"https:\/\/lawsikho-frontend-development.lawsikho.dev\/blog\/wp-json\/wp\/v2\/posts\/1875","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lawsikho-frontend-development.lawsikho.dev\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lawsikho-frontend-development.lawsikho.dev\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lawsikho-frontend-development.lawsikho.dev\/blog\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/lawsikho-frontend-development.lawsikho.dev\/blog\/wp-json\/wp\/v2\/comments?post=1875"}],"version-history":[{"count":1,"href":"https:\/\/lawsikho-frontend-development.lawsikho.dev\/blog\/wp-json\/wp\/v2\/posts\/1875\/revisions"}],"predecessor-version":[{"id":1877,"href":"https:\/\/lawsikho-frontend-development.lawsikho.dev\/blog\/wp-json\/wp\/v2\/posts\/1875\/revisions\/1877"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lawsikho-frontend-development.lawsikho.dev\/blog\/wp-json\/wp\/v2\/media\/1876"}],"wp:attachment":[{"href":"https:\/\/lawsikho-frontend-development.lawsikho.dev\/blog\/wp-json\/wp\/v2\/media?parent=1875"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lawsikho-frontend-development.lawsikho.dev\/blog\/wp-json\/wp\/v2\/categories?post=1875"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lawsikho-frontend-development.lawsikho.dev\/blog\/wp-json\/wp\/v2\/tags?post=1875"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}