DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

DPDP Act · Section 11-14

DPDPA Sections 11-14: Data principal rights

DPDPA Sections 11-14 explained: the data principal's rights to access, correction and erasure, grievance redressal and nomination, and how to operate a compliant request process.

In short
Sections 11 to 14 of the DPDP Act give data principals the right to access a summary of their personal data and the processing activities (Section 11), the right to correction, completion, updating and erasure (Section 12), the right to grievance redressal from the fiduciary or Consent Manager (Section 13), and the right to nominate another person to exercise their rights in case of death or incapacity (Section 14). You need a working request process with clear timelines to honour them.
Last updated 2026-06-03

Access and information (Section 11)

On request, a data principal is entitled to a summary of the personal data being processed and the processing activities, the identities of other fiduciaries and processors with whom the data has been shared along with a description of what was shared, and any other prescribed information.

Correction, erasure and grievance (Sections 12-13)

Data principals can request correction, completion, updating and erasure of their personal data, and you must act unless retention is required by law. They also have a right to a readily available grievance-redressal mechanism, with a response within the period the Rules prescribe.

ConsentX includes a request intake (DSAR-style) with SLA timers and an audit trail, which covers these obligations and overlaps with the processes you may already run for the GDPR or CCPA.

Nomination and the data principal's duties (Sections 14-15)

Section 14 lets a data principal nominate another individual to exercise their rights in the event of death or incapacity. Section 15 places duties on data principals too, including not registering false or frivolous grievances, which you can reference when triaging requests.

This page is a plain-English summary of the Digital Personal Data Protection Act, 2023 for general information and is not legal advice. Confirm your obligations with qualified counsel.

All DPDPA sectionsDPDP Act explainedDPDPA overviewConsentX for India

Meet this DPDPA requirement with ConsentX

DPDPA-native consent, Section 9 age-gate and verifiable receipts. Start free or take the DPDPA quiz.

Get started free Take the DPDPA quiz

DPDPA Section 11-14 questions

What rights do data principals have under the DPDP Act?+

Access to a summary of their data and processing (Section 11), correction and erasure (Section 12), grievance redressal (Section 13), and nomination of another person to exercise their rights (Section 14).

How quickly must I respond to a DPDPA request?+

Within the period prescribed by the DPDP Rules. Operate a request intake with SLA timers so deadlines are visible and met.

More DPDPA sections

DPDPA Section 5: NoticeDPDPA Section 6: Consent and withdrawalDPDPA Section 7: Certain legitimate usesDPDPA Section 8: Duties of a data fiduciaryDPDPA Section 9: Children's dataDPDPA Section 10: Significant Data FiduciariesDPDPA penalties: Section 33 and the Schedule