Data protection has become one of the most critical concerns in the modern digital age. With increasing reliance on technology, personal data is constantly being collected, processed, and stored by organizations across the globe. To safeguard individuals’ privacy, various regulations have been introduced. Among the most significant are the General Data Protection Regulation (GDPR) and the Digital Personal Data Protection Act (DPDPA) of India.
In this blog, we will explore how many rights are provided under GDPR and DPDPA, understand each right in detail, and compare how these frameworks empower individuals to take control of their personal data.
Send us a message
Share your details and we will send the enquiry to vikash.abym@gmail.com with this article URL automatically attached.
Understanding GDPR and DPDPA
Before diving into the number of rights, it’s important to understand what GDPR and DAPA are.
GDPR (General Data Protection Regulation) is a comprehensive data protection law implemented in the European Union in 2018. It applies to all organizations that process the personal data of EU residents, regardless of where the organization is located.
DPDPA (Digital Personal Data Protection Act, India) is India’s data privacy law aimed at regulating the processing of digital personal data while ensuring individuals’ rights and lawful use of data.
Overview: Rights in GDPR and DPDPA
|
Aspect |
GDPR (EU) |
DPDPA (India) |
| Total Number of Rights | 8 Rights | 6 Rights |
| Right to Be Informed | Yes | Not explicitly defined |
| Right of Access | Yes | Yes |
| Right to Rectification | Yes | Yes (combined with erasure) |
| Right to Erasure | Yes (Right to be Forgotten) | Yes |
| Right to Restrict Processing | Yes | Not explicitly defined |
| Right to Data Portability | Yes (strong) | Limited scope |
| Right to Object | Yes | Not explicitly defined |
| Automated Decision-Making Rights | Yes | Not explicitly defined |
| Right to Withdraw Consent | Implied | Yes (explicit) |
| Right to Grievance Redressal | Indirect (via authorities) | Yes |
| Right to Nominate | No | Yes (unique feature) |
| Focus Area | Broad user rights & strict compliance | Consent-based + grievance handling |
| Enforcement Strength | Very strong (heavy penalties) | Developing framework |
How Many Rights Are There in GDPR?
Under GDPR, individuals (known as “data subjects”) are granted 8 fundamental rights. These rights are designed to give people more control over their personal data and ensure transparency from organizations.
1. Right to Be Informed
Individuals have the right to know how their data is collected, used, stored, and shared. Organizations must provide clear and transparent privacy notices.
2. Right of Access
Also known as a Subject Access Request (SAR), this allows individuals to request access to their personal data and obtain a copy of it.
3. Right to Rectification
Individuals can request correction of inaccurate or incomplete personal data.
4. Right to Erasure (Right to Be Forgotten)
This allows individuals to request the deletion of their personal data when it is no longer necessary or when consent is withdrawn.
5. Right to Restrict Processing
Individuals can limit how their data is used, especially if they contest its accuracy or object to processing.
6. Right to Data Portability
This right allows individuals to obtain and reuse their personal data across different services in a structured, commonly used format.
7. Right to Object
Individuals can object to data processing for specific purposes such as direct marketing.
8. Rights Related to Automated Decision-Making and Profiling
Individuals have the right not to be subject to decisions made solely by automated processes that significantly affect them.
How Many Rights Are There in DPDPA?
Under India’s Digital Personal Data Protection Act (DPDPA), individuals (referred to as “Data Principals“) are granted 6 primary rights.
1. Right to Access Information
Data principals can request details about what personal data is being processed, including purposes and entities with whom data is shared.
2. Right to Correction and Erasure
Individuals can correct inaccurate data and request deletion of data that is no longer necessary.
3. Right to Grievance Redressal
Data principals can file complaints with data fiduciaries and expect timely resolution.
4. Right to Nominate
This unique right allows individuals to nominate another person to exercise their rights in case of death or incapacity.
5. Right to Withdraw Consent
Individuals can withdraw previously given consent at any time.
6. Right to Data Portability (Limited Scope)
While not as expansive as GDPR, DPDPA includes limited provisions that allow individuals to transfer their data under certain conditions.
Key Differences Between GDPR and DPDPA Rights
Although both frameworks aim to protect personal data, there are notable differences in the number and scope of rights.
1. Number of Rights
- GDPR: 8 rights
- DPDPA: 6 rights
GDPR offers a broader set of rights compared to DPDPA.
2. Depth of Rights
GDPR provides more detailed and extensive protections, especially in areas like:
- Automated decision-making
- Data portability
- Right to object
DPDPA focuses more on consent-based processing and grievance mechanisms.
3. Unique Features
- GDPR includes the Right to Object and Automated Decision-Making protections, which are not explicitly defined in DPDPA.
- DPDPA introduces the Right to Nominate, which is not present in GDPR.
4. Enforcement Approach
GDPR is known for strict enforcement and heavy penalties, while DPDPA is still evolving in terms of enforcement mechanisms.
Why These Rights Matter
The rights under GDPR and DPDPA empower individuals in several ways:
- Transparency: Users know how their data is used
- Control: Individuals can modify or delete their data
- Accountability: Organizations must comply with legal standards
- Trust: Builds confidence between users and businesses
In a world where data is often referred to as the “new oil,” these rights act as safeguards against misuse and exploitation.
Practical Examples
To better understand these rights, consider the following scenarios:
- You receive unwanted marketing emails → You can use the Right to Object (GDPR) or withdraw consent (DPDPA).
- Your personal information is incorrect → You can request correction under both laws.
- You stop using a service → You can request deletion of your data.
- A company uses AI to decide your loan eligibility → GDPR allows you to challenge automated decisions.
Challenges in Implementation
Despite these rights, there are challenges:
- Awareness: Many individuals are unaware of their rights
- Compliance Costs: Organizations must invest in compliance systems
- Cross-border Data Issues: Different laws create complexity
- Enforcement Gaps: Especially in newer frameworks like DPDPA
Future of Data Protection Rights
As technology evolves, data protection laws will continue to adapt. Emerging areas include:
- Artificial Intelligence governance
- Biometric data protection
- Cross-border data transfers
- Stronger user consent mechanisms
Countries around the world are likely to adopt GDPR-like frameworks, while refining them based on local needs—just as India has done with DPDPA.
Conclusion
To summarize:
- GDPR provides 8 rights to individuals
- DPDPA provides 6 rights to individuals
While GDPR offers a more comprehensive and mature framework, DPDPA is a significant step forward in India’s data protection journey. Both regulations emphasize transparency, accountability, and user empowerment.
Understanding these rights is essential—not just for organizations to remain compliant, but also for individuals to protect their digital identity in an increasingly data-driven world.
FAQs
Q1. How many rights are there in GDPR?
A1. GDPR provides 8 fundamental rights to individuals regarding their personal data.
Q2. How many rights are included in DPDPA?
A2. DPDPA includes 6 primary rights for data principals.
Q3. What is the main difference between GDPR and DPDPA?
A3. GDPR offers more comprehensive rights and stricter enforcement, while DPDPA focuses on consent and grievance redressal.
Q4. Does DPDPA include the right to be forgotten?
A4. Yes, it is included under the right to correction and erasure.
Q5. What is the Right to Nominate in DPDPA?
A5. It allows individuals to appoint someone to manage their data rights in case of death or incapacity.
Q6. Can I access my personal data under both laws?
A6. Yes, both GDPR and DPDPA provide the right to access personal data.
Q7. Does GDPR allow objection to data processing?
A7. Yes, individuals can object to certain types of data processing under GDPR.
Q8. Is data portability available in DPDPA?
A8. Yes, but it is limited compared to GDPR.
Q9. Which law is stricter, GDPR or DPDPA?
A9. GDPR is generally considered stricter due to its broader scope and heavy penalties.
Q10. Why are data protection rights important?
A10. They protect individuals’ privacy, ensure transparency, and hold organizations accountable for data usage.