Under the Digital Personal Data Protection Act 2023 (DPDP Act), a Data Fiduciary is any person (including company, firm, body of individuals, association, State, or Union Territory) that alone or in conjunction with other persons determines the purpose and means of processing of personal data. Banks, NBFCs, hospitals, fintech companies, and e-commerce platforms that collect and process customer data are Data Fiduciaries. They bear the primary obligation of compliance under the DPDP Act, including obtaining valid consent, providing privacy notices, implementing security safeguards, and notifying the Data Protection Board and affected individuals of data breaches.
A bank collecting KYC documents (Aadhaar, PAN, address proof) from loan applicants is a Data Fiduciary under DPDP.
Need Expert Advice on Data Fiduciary?
For specific advice on how Data Fiduciary applies to your debt recovery matter, consult Advocate Subodh Bajpai — LLM, MBA (XLRI Jamshedpur). 8+ years of exclusive banking and debt recovery practice across DRT, SARFAESI, IBC, and NI Act.
Defined by Advocate Subodh Bajpai, Senior Partner, Unified Chambers and Associates