Co-Working Spaces
Liability Check
Co-working spaces are sitting on a goldmine of member and visitor data, from basic contacts to payment details and browsing history. This makes you a significant Data Fiduciary under DPDP, with a direct line to penalties up to ₹250 Crore.
Why Co-Working Spaces is at Risk
From bustling hubs in Gurgaon to niche spaces in Hyderabad, co-working operators collect sensitive **personal data** at every touchpoint – member onboarding, visitor logs, Wi-Fi usage, and CCTV. This includes names, addresses, payment info, and even browsing patterns. Under DPDP, your facility acts as a **Data Fiduciary**, responsible for securing this data and obtaining proper consent. A breach or misstep in data handling, even for a single member, can trigger substantial fines and reputational damage.
Common Violations
- 1.Collecting excessive personal and company details from new members during onboarding without clearly articulating each specific purpose.
- 2.Sharing member contact lists or company profiles with third-party vendors (e.g., F&B, event organizers) without obtaining explicit, separate consent.
- 3.Retaining CCTV footage, visitor sign-in data, or Wi-Fi connection logs for longer than necessary or failing to adequately secure them against internal and external threats.
The Immediate Fix
Conduct a comprehensive data inventory across all your systems: member portals, visitor management, and network logs. Update your privacy policy to clearly detail all data types collected, their specific purposes, and your data retention schedule. Ensure your consent forms explicitly cover all data processing activities.
Projected Compliance Deadline: Immediate