Any data about an individual who is identifiable by or in relation to such data.
Personal data means any data about an individual who is identifiable by or in relation to such data. This covers both directly identifying information like names and Aadhaar numbers, and indirectly identifying data like IP addresses or device IDs when linked to an individual. The DPDPA specifically governs digital personal data — personal data in digital form.
Understanding what constitutes personal data determines the scope of your compliance obligations. If you process any data that can identify a person, DPDPA applies to that processing activity.
A Pune-based HR tech startup stores employee names, phone numbers, PAN cards, and performance reviews. All of this is personal data under DPDPA, triggering consent, retention, and security obligations for each data element.
Business email addresses and work phone numbers are still personal data under DPDPA. There is no blanket "business contact" exemption like some other jurisdictions provide.
DPDPA Shield automates Data Inventory & RoPA. See how →