Chapter 3 of the Digital Personal Data Protection Act 2023 is titled Rights and Duties of Data Principal
This chapter details the rights that individuals (Data Principals) have concerning their personal data and the duties they are expected to fulfill. It includes the right to access, correct, and erase personal data, the right to nominate a representative in cases of incapacity or death, and the obligation to provide accurate information and not misuse their rights. This chapter emphasizes the empowerment of individuals in the management of their data, ensuring they have control over how their personal data is used and processed.
Section 11 – Right to Access Information About Personal Data: This section entitles Data Principals to obtain a summary of their personal data that Data Fiduciaries have. It ensures transparency in data processing by allowing individuals to know what information is held about them.
Section 12 – Right to Correction and Erasure of Personal Data: Data Principals can ask for changes or deletion of their data, ensuring their information remains accurate and up-to-date. This right supports the correction of mistakes and the removal of outdated or irrelevant data.
Section 13 – Right of Grievance Redressal: This section provides a mechanism for individuals to raise concerns or complaints regarding the handling of their personal data. It ensures accountability and a means to seek redress for data-related issues.
Section 14 – Right to Nominate: It allows individuals to appoint a representative to manage their data rights in situations like death or incapacity, ensuring continued protection and management of their personal data.
Section 15 – Duties of Data Principal: This section outlines responsibilities of individuals, such as providing accurate information and using their rights responsibly. It balances rights with duties to prevent misuse of personal data protection mechanisms.