A core data protection principle under the DPDP Act 2023 requiring that personal data be processed only for the specific, lawful purpose for which consent was obtained or for which it is deemed lawful. Data Fiduciaries cannot collect data for one purpose and use it for an entirely different purpose without obtaining fresh consent. In banking, this means KYC data collected for loan processing cannot be used for unrelated marketing without separate consent. The Data Fiduciary must also erase personal data once the purpose for which it was collected has been served, unless retention is required by law.
Need Expert Advice on Purpose Limitation?
For specific advice on how Purpose Limitation applies to your debt recovery matter, consult Advocate Subodh Bajpai — LLM, MBA (XLRI Jamshedpur). 8+ years of exclusive banking and debt recovery practice across DRT, SARFAESI, IBC, and NI Act.
Defined by Advocate Subodh Bajpai, Senior Partner, Unified Chambers and Associates