ProtectComplyYour Compliance partner
← Back to DPDP primer

DPDP §11

Right to Access, Correction, Erasure

Paraphrased legal text

The Data Principal has the right to obtain a summary of personal data being processed, the identities of all Data Fiduciaries and Processors with whom the data has been shared, the right to correction, completion, updating and erasure, and the right of grievance redressal.

What this means in plain English

  • Access — a principal can demand a summary of their data.
  • Correction / completion / updating — a principal can demand fixes.
  • Erasure — a principal can demand deletion when purpose is exhausted.
  • Grievance — a principal can complain about how the Fiduciary handles their data.
  • Rule 12 mandates a refusal-must-state-reasons standard.

Penalty if you get this wrong

Up to ₹50 crore for breach of obligations relating to the rights of Data Principals.

How ProtectComply solves it

Rights Manager (DSR)

  • Public principal portal at /rights/[org]
  • OTP-verified intake, auto-routing, AI response drafter, SLA timer
  • Rule 12 refusal-must-state-reasons enforced
  • PDF export for principals + signed audit trail for the Board
See the module →

Related

DPDP §13 — Grievance RedressalDPDP Rule 12 (2025) — Exercise of Principal RightsDPDP Rule 13 (2025) — Grievance Resolution Timeline