Overview
This article provides a detailed, layman-language explanation of Cross-Border Data Transfer Under DPDP Act under the DPDP Act, 2023 and applicable Rules/Regulations. All amendments, notifications, and circulars up to March 2026 are incorporated.
Relevant provisions: Section 16.
Legal Framework
Section 16 of the DPDP Act, 2023 establishes the framework for cross-border. The provisions cover: (a) scope and applicability, (b) registration/compliance requirements, (c) rights and obligations of parties, (d) enforcement mechanisms, and (e) penalties for non-compliance.
Who Is Affected?
| Category | Applicable? | Key Requirement |
|---|---|---|
| Individual / Consumer | Yes (where applicable) | Rights protection, complaint mechanism |
| Business / Company / LLP | Yes | Registration, compliance, record-keeping |
| Startup / MSME | Yes | Special provisions and concessions may apply |
| Importer / Exporter | Yes (where applicable) | License, compliance with Indian standards |
| Professional / Service Provider | Yes | Professional standards, liability provisions |
Detailed Explanation with Examples
Example 1: A business owner in Faridabad must understand cross-border provisions to ensure proper compliance from the start. This includes identifying applicable requirements, obtaining necessary registrations, and meeting ongoing obligations within prescribed timelines.
Example 2: A startup founder needs to navigate cross-border requirements efficiently. With DPIIT recognition and MSME status, certain relaxations and concessions may be available, but the core compliance framework remains the same.
Example 3: Consider a consumer or employee affected by cross-border provisions. The law provides specific rights, remedies, and complaint mechanisms. Understanding these helps enforce your rights effectively.