Under the Digital Personal Data Protection Act 2023 (DPDP Act), a Data Fiduciary is any person (including company, firm, body of individuals, association, State, or Union Territory) that alone or in conjunction with other persons determines the purpose and means of processing of personal data. Banks, NBFCs, hospitals, fintech companies, and e-commerce platforms that collect and process customer data are Data Fiduciaries. They bear the primary obligation of compliance under the DPDP Act, including obtaining valid consent, providing privacy notices, implementing security safeguards, and notifying the Data Protection Board and affected individuals of data breaches.
A bank collecting KYC documents (Aadhaar, PAN, address proof) from loan applicants is a Data Fiduciary under DPDP.
For a bank, NBFC or fintech lender, being a Data Fiduciary under Section 2(i) of the DPDP Act 2023 means it carries the primary statutory burden whenever it decides why and how customer data is processed. In a lending lifecycle, the moment KYC documents, CIBIL data and income proofs are collected for loan assessment, the lender must have a lawful basis, a clear privacy notice, and security safeguards in place. The practical work is mapping every data flow — origination, servicing, recovery, outsourcing to agents — and confirming consent or another lawful ground covers each. When a borrower complains or a breach occurs, the Data Protection Board looks to the Data Fiduciary first, not the processor it engaged. Getting the classification or its obligations wrong exposes the institution to adjudication and penalties, and undermines its position if borrower data later surfaces in recovery disputes. Well-advised institutions confirm their fiduciary obligations before processing begins.
For specific advice on how Data Fiduciary applies to your debt recovery matter, consult Advocate Subodh Bajpai — LLM, MBA (XLRI Jamshedpur). 8+ years of exclusive banking and debt recovery practice across DRT, SARFAESI, IBC, and NI Act.
Defined by Advocate Subodh Bajpai, Senior Partner, Unified Chambers and Associates