Data PrivacyWhy NDAs Should be Revised to Comply with DPDPA, 2023?

October 15, 20230
Why NDAs Should be Revised to Comply with DPDPA, 2023?


As the Digital Personal Data Protection Act,2023(DPDPA), is about to be in force in India, legal frameworks around data protection are expected to be undergoing significant changes. The impact of this landmark legislation on Non-Disclosure Agreements (NDAs) cannot be overstated.

Incongruencies in Pre-Existing NDAs
  1. Vagueness in Confidentiality: Traditional NDAs may contain overly broad or imprecise definitions of ‘confidential information,’ which could conflict with DPDPA’s specific data purpose driven processing.
  2. Lack of Consent Protocols: Traditional NDAs often lack detailed clauses around consent for data processing or sharing, thus being at odds with DPDPA’s stress on explicit consent in terms of Section 6 of DPDPA.
  3. Data Security Measures: Older NDAs may not have robust data security stipulations that align with DPDPA guidelines, presenting legal vulnerabilities.
  4. Global Data Transfers: Some NDAs may facilitate data transfers outside India, potentially conflicting with DPDPA’s data localization mandates.
Recommendations for Revising NDAs
  1. Revise Confidentiality Clauses: Align the definitions of Data Principal and its rights over her personal data.
  2. Incorporate Consent Mechanisms: Stipulate explicit and informed consent mechanisms that meet DPDPA requirements.
  3. Detail Data Handling: Lay down specific provisions on how data should be collected, stored, processed, and deleted.
  4. Localization Requirements: Introduce clauses that are aligned with DPDPA’s data localization mandates.
  5. Compliance Audits: Insert clauses permitting regular audits to ensure continual adherence to DPDPA.
  6. Penalty Provisions: Clearly define the consequences of failing to comply with the DPDPA, including potential legal penalties.
Retroactive vs Proactive Revision
  1. Future NDAs: All NDAs drafted post-DPDPA enactment should inherently be in compliance with the Act.It is easier to implement changes in future NDAs, ensuring they are designed to comply with DPDPA, 2023.
  2. Existing NDAs: A risk assessment should be conducted on existing NDAs. Where incongruencies are identified, renegotiation or addendums may be necessary.Modifying existing NDAs is more complex and may require renegotiation but is necessary to minimize legal risks. In some cases, an addendum can be added to align the NDA with DPDPA.

The complex landscape formed by the DPDPA, 2023, not only requires new NDAs to be meticulously crafted but also mandates existing ones to be examined, and if necessary, amended. Failure to do so may result in severe legal repercussions.

To interact or discuss further on Data Protection, connect on

© 2020-21 AMLEGALS Law Firm in Ahmedabad, Mumbai, Kolkata, New Delhi, Bengaluru for IBC, GST, Arbitration, Contract, Due Diligence, Corporate Laws, IPR, White Collar Crime, Litigation & Startup Advisory, Legal Advisory.


Disclaimer & Confirmation As per the rules of the Bar Council of India, law firms are not permitted to solicit work and advertise. By clicking on the “I AGREE” button below, user acknowledges the following:
    • there has been no advertisements, personal communication, solicitation, invitation or inducement of any sort whatsoever from us or any of our members to solicit any work through this website;
    • user wishes to gain more information about AMLEGALS and its attorneys for his/her own information and use;
  • the information about us is provided to the user on his/her specific request and any information obtained or materials downloaded from this website is completely at their own volition and any transmission, receipt or use of this site does not create any lawyer-client relationship; and that
  • We are not responsible for any reliance that a user places on such information and shall not be liable for any loss or damage caused due to any inaccuracy in or exclusion of any information, or its interpretation thereof.
However, the user is advised to confirm the veracity of the same from independent and expert sources.