How can you request correction or erasure of your personal data under the DPDPA?

In today’s hyper-connected world, our personal data is constantly being collected, stored, and processed—often in ways we don’t even realize. From signing up on e-commerce platforms and downloading mobile apps to filling out digital forms for government services, your digital footprint is everywhere.

But what happens when the information a company or platform has about you is inaccurate, outdated, or no longer needed? Under India’s Digital Personal Data Protection Act (DPDPA) 2023, you now have a legal right to request correction or erasure (deletion) of such data.

This blog post explores your rights under the DPDPA regarding the correction and erasure of personal data, explains how you can exercise these rights, and offers practical examples to help you take control of your digital identity.

📜 The Legal Framework: What is the DPDPA?

The Digital Personal Data Protection Act, 2023 (DPDPA) is India’s first comprehensive legislation that governs how personal data is collected, stored, and processed by both private entities (Data Fiduciaries) and government bodies.

Under this law, you (the Data Principal) are granted fundamental rights to protect your digital privacy, including the right to:

  • Access your data.

  • Correct any inaccuracies.

  • Erase data that is no longer necessary or was collected without valid consent.

These rights shift control from the corporations back to the citizens—you own your data, and you have the authority to demand accuracy and fairness in how it’s handled.

🔍 What is Correction and Erasure of Personal Data?

Let’s break it down:

🛠 Correction of Personal Data:

This is your right to ask a platform to fix inaccurate or misleading information they have about you.

Example:
You notice that your age is incorrectly mentioned as 52 instead of 25 on a financial platform. This error could affect your loan eligibility. Under the DPDPA, you can request the platform to correct this inaccuracy.

🧹 Erasure of Personal Data:

This refers to your right to ask for the deletion of personal data when:

  • The data is no longer needed for the purpose it was collected.

  • You withdraw consent.

  • The data was collected unlawfully.

Example:
You had once signed up for a job portal, but now you’ve found employment and no longer want your resume and personal details available online. You can request the platform to erase your personal data from their systems.

⚖ Legal Clauses Supporting Your Rights

Section 12(3) of the DPDPA specifically states:

“The Data Principal shall have the right to correction, completion, updating, and erasure of their personal data for the purpose for which such personal data was furnished by the Data Principal.”

Further, Data Fiduciaries are legally obligated to respond to such requests within a reasonable time and provide proof of action.

🧾 What Kind of Data Can You Correct or Erase?

Here are some examples of data types you can request changes for:

Type of Data Correction Example Erasure Example
Contact Information Update old phone number or email Delete outdated emergency contact
Financial Details Correct incorrect income or bank info Erase old bank account details no longer in use
Educational Records Fix name misspellings or wrong grade entries Delete data after course completion
Location Information Update current address Remove stored GPS data from a delivery app
User Profiles on Websites Update profile picture or name Completely delete your account

✉️ How to Request Correction or Erasure: Step-by-Step Guide

Here’s how you can use your right as a Data Principal:

✅ Step 1: Identify the Data Fiduciary

This is the organization or entity that has collected your data—such as a bank, mobile app, educational platform, or government portal.

✅ Step 2: Draft a Request

You can submit your request via:

  • Email

  • App or website portal

  • Customer service form

  • Data Protection Officer’s (DPO) contact, if available

Your request should include:

  • Your full name and registered email/phone number

  • Description of the data to be corrected/erased

  • Reason for correction/erasure

  • Proof of identity (if required)

✅ Step 3: Wait for Acknowledgment

Under the DPDPA, the company must acknowledge and respond to your request within a reasonable period, typically within 7 to 15 working days.

✅ Step 4: Follow Up

If you do not receive a response or the company refuses without valid reason, you can escalate the matter to the Data Protection Board of India (DPBI).

📌 Real-World Example: Social Media Profile

Let’s say you changed your legal name and now want your new name to reflect on your social media accounts, blogs, and forums.

Action Steps:

  1. Log into your social media account settings.

  2. Submit a request to correct your profile name.

  3. If the option isn’t available or the change is denied, send an email to their Data Protection Officer citing your DPDPA rights.

  4. Attach a legal name change certificate as proof.

If you no longer want your account online, you can request full erasure of all associated data.

🔒 What Happens After Erasure?

Once your data is erased:

  • It must be deleted from all primary and backup servers.

  • It should not be used, processed, or sold further.

  • The Data Fiduciary must confirm in writing that the data has been erased (unless they’re legally required to retain it).

⚠️ When Can a Company Refuse Your Request?

While the DPDPA empowers you, it also provides reasonable exceptions. A company may decline to correct or erase your data if:

  • It’s required to retain it for legal or regulatory reasons (e.g., tax records, legal proceedings).

  • The data was not provided by you directly and is needed for public interest.

  • It’s anonymized and no longer linked to your identity.

Example:
A government portal may retain your Aadhaar-linked transaction history if needed for auditing or compliance—even if you request erasure.

📣 Tips for Using Your Rights Effectively

  • Always read privacy policies and understand what data is collected.

  • Use platforms that provide in-app options to modify or delete your data.

  • Take screenshots or records of the requests you send for future reference.

  • Be polite but firm in citing your legal rights under the DPDPA.

  • Report repeated violations to the Data Protection Board of India (DPBI) once operational.

🛡 Tools That Can Help

Tool/Platform Purpose
In-app Privacy Settings Manage consent, correction, and deletion
Data Protection Officer (DPO) Official contact for correction/erasure requests
Government Grievance Portals For public service data issues
Privacy Browser Extensions Identify tracking data and request deletion

🏛 Role of the Data Protection Board of India (DPBI)

Expected to begin full operations in 2025, the DPBI will:

  • Act as a mediator between citizens and Data Fiduciaries.

  • Investigate complaints related to data misuse.

  • Impose penalties (up to ₹250 crore for violations).

  • Encourage public awareness of data rights.

Until then, you can still file complaints via consumer helplines or data grievance platforms.

✅ Conclusion

India’s Digital Personal Data Protection Act (DPDPA) 2023 marks a transformative step in empowering individuals to control their digital identity. The ability to request correction or erasure of your personal data is no longer just a privilege—it’s a legal right.

Whether you want to:

  • Fix incorrect info on a banking app,

  • Delete your old student profile from an educational platform,

  • Or erase sensitive data from a website you no longer use—

You have the power to do it.

Take charge of your data.
Ask questions.
Make requests.
Hold organizations accountable.

Because in the digital age, your data is your dignity—and the law is now firmly on your side.

rahulsharma

Posts