Over the past decade, various reports have highlighted the migration trends of wealthy Indians. This pre-existing trend has only accelerated due to the pandemic, with the UK becoming a summer home for well-heeled Indians. 

The Digital Personal Data Protection Act 2023 (Act) places the primary obligation on ‘data fiduciaries’ to protect digital personal data of individuals and implement consent artifacts, including for any outsourcing arrangements for processing. Entities who merely process such data at the behest of another entity, called ‘data processors’ have been excluded from the statutory compliance obligations under the Act. The Act defines ‘data fiduciary’ as any entity determining the means and purpose of processing personal data. Entities handling data are required to undertake this classification exercise as the first step, i.e., whether they are merely data processors or can be classified as data fiduciaries.