Privacy Glossary

Data Fiduciary

The Indian equivalent of a Data Controller under the DPDP Act — an entity that determines the purposes and means of processing personal data.

DPDP Act

Full Definition

Under India's Digital Personal Data Protection Act 2023, a 'Data Fiduciary' is any person or organisation who, alone or in conjunction with others, determines the purposes and means of processing personal data. The term reflects the fiduciary duty of care owed to the data principal (the individual). Data Fiduciaries must obtain valid consent, provide accessible privacy notices, respond to data principal requests, maintain data accuracy, and implement security safeguards. Certain Data Fiduciaries may be designated as 'Significant Data Fiduciaries' by the central government, attracting additional obligations.

Back to all terms

Related terms

Data Controller

An entity that determines the purposes and means of processing personal data.

Data Processor

An entity that processes personal data on behalf of and under the instructions of a Data Controller.

Data Principal

The individual to whom personal data relates, as defined under India's DPDP Act (equivalent to 'data subject' under GDPR).

Relevant regulations

DPDP Act

Browse more terms

Explore all 25 privacy and compliance terms in our glossary.

View full glossary

Automate your privacy program

TruePrivacy handles DSRs, consent management, data mapping, and breach response — all in one platform.

Start Free Trial Book a Demo