Personal data that exists in digital form, whether collected digitally or digitised from non-digital sources.
Digital personal data is personal data that is collected in digital form or collected in non-digital form and subsequently digitised. The DPDPA 2023 applies exclusively to digital personal data — it does not regulate purely paper-based records that are never digitised. This includes data collected through websites, mobile apps, IoT devices, and any offline data that is later entered into a computer system.
The DPDPA only applies to digital personal data. If your business digitises paper forms into databases or CRMs, that data falls under DPDPA the moment it becomes digital, triggering all compliance requirements.
A Chennai insurance company collects paper application forms at branches. Once staff enter those details into the digital policy management system, it becomes digital personal data subject to DPDPA consent and retention rules.
Some businesses believe data collected offline on paper forms is exempt. The moment that data is entered into any digital system, DPDPA applies fully.
DPDPA Shield automates Data Inventory & RoPA. See how →