Mysuru Businesses
Liability Check
Mysuru, the heritage city now an emerging tech hub, processes diverse personal data from tourists, students, and a burgeoning IT workforce. From hotel guest registers to university admissions and startup user databases, every entity handling personal data is a Data Fiduciary under DPDP.
Why Mysuru Businesses is at Risk
Mysuru's bustling tourism sector, with its hotels and tour operators, handles sensitive guest PII like passport details and travel itineraries. Educational institutions, including renowned universities and coaching academies, collect extensive student demographic and academic records. Furthermore, the city's rapidly expanding startup and IT ecosystem often processes employee, customer, and user data at scale. Under the **DPDP Act 2023**, all these businesses must ensure explicit consent, robust data security protocols, and timely **72-hour breach notifications** to avoid significant penalties.
Common Violations
- 1.Heritage hotels sharing guest contact information with local souvenir shops or taxi services without explicit, separate consent.
- 2.Ed-tech startups in Hebbal or Bannimantap collecting excessive student data (e.g., parental income, personal hobbies) beyond what's required for course enrollment.
- 3.Local e-commerce platforms retaining full credit card details or delivery addresses indefinitely after order completion.
The Immediate Fix
Conduct a thorough data mapping exercise. Understand what personal data you collect, why you collect it, where it's stored, and who has access. This 'record of processing activities' is your first line of defense and a DPDP requirement.
Projected Compliance Deadline: Immediate