Guwahati Businesses
Liability Check
Guwahati, the bustling gateway to Northeast India, is a rapidly expanding hub for trade, education, and tourism. From student enrollment at Assam Engineering College to tourist bookings for Kaziranga, every business handling personal data is now a Data Fiduciary under DPDP, risking fines up to ₹250 Crore.
Why Guwahati Businesses is at Risk
Guwahati's diverse economy means extensive personal data processing. Educational institutions like Gauhati University manage vast student databases, while tourism operators process sensitive booking and travel details. Healthcare providers and logistics companies moving goods across the region are also major data handlers. The **DPDP Act, 2023**, demands strict consent mechanisms, purpose limitation, and robust data security. Neglecting these could result in severe penalties for mishandling **student records, patient information, or tourist itineraries**.
Common Violations
- 1.Educational institutes sharing student contact details with third-party vendors for marketing without specific, granular consent.
- 2.Tourism agencies retaining customer credit card details or passport scans on their servers beyond the transaction or trip completion.
- 3.Local e-commerce platforms or logistics providers storing delivery addresses and phone numbers indefinitely, or on unsecured systems.
The Immediate Fix
Conduct a thorough data audit. Identify all personal data collected (e.g., student IDs, tourist itineraries, employee details), its purpose, and its retention period. Implement a clear consent management system, especially for marketing activities, to avoid the **DPDP's consent trap**.
Projected Compliance Deadline: Immediate