The individual whose personal data is being collected, stored, or processed by a Data Fiduciary.
A Data Principal is the natural person to whom the digital personal data relates. In the case of a child below 18, the parent or lawful guardian is considered the Data Principal. The DPDPA grants Data Principals specific enforceable rights including access, correction, erasure, and grievance redressal. The Data Principal is the central figure the Act seeks to protect.
Your customers, employees, and users are all Data Principals. They can exercise rights against your organisation at any time, and you must respond within strict timelines or face penalties.
When a customer of a Mumbai fintech app requests access to all data held about them, they are exercising their right as a Data Principal. The fintech must respond within 30 days with a complete data disclosure.
Some assume Data Principal only means customers. Employees, contractors, job applicants, and website visitors whose data you collect are all Data Principals.
DPDPA Shield automates Data Principal Rights. See how →