Data fiduciary
Definition
The term used in India's Digital Personal Data Protection Act 2023 for an entity that determines the purpose and means of processing personal data, equivalent to the GDPR term 'controller'. Data Fiduciaries carry the breach notification obligation under the DPDP Act.
Related terms
- Consent notice
- A notice that must be provided to the data principal before or at the time of requesting consent. It must be clear,...
- Covered Entity / Business Associate
- Terms used in the US HIPAA framework. Covered entities are healthcare providers, health plans, and healthcare clearinghouses. Business Associates are contractors that...
- Data principal
- The individual to whom the personal data relates. Equivalent to the data subject under GDPR. The DPDP Act grants data principals rights...
- Data processor
- An entity that processes personal data on behalf of a data fiduciary, under the fiduciary's instructions. Equivalent to the data processor under...
- Data Protection Board of India (DPBI)
- The adjudicatory body established by the DPDP Act to receive complaints, investigate breaches of the Act, and impose penalties. The Board operates...
- Notification trigger
- The threshold condition that activates a legal notification obligation. Under GDPR the trigger is any personal data breach that poses a risk...
- Personal data breach
- Under GDPR, a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal...
- Safe harbour (encryption)
- A provision in many breach notification frameworks that exempts organisations from individual notification obligations if the breached data was encrypted and the...
- Significant Data Fiduciary (SDF)
- A data fiduciary designated by the central government as carrying elevated risk based on data volume, sensitivity, national security considerations, or impact...
- Supervisory authority
- The national data protection regulator responsible for enforcing GDPR in a given EU member state, such as the UK Information Commissioner's Office...
Explained in these topics
- Breach Notification Laws and ObligationsThe term used in India's Digital Personal Data Protection Act 2023 for an entity that determines the purpose and means of processing personal data, equivalent...
- India's Digital Personal Data Protection Act 2023Any person or entity that determines the purpose and means of processing personal data. Equivalent to the data controller under GDPR. Data fiduciaries bear the...