As the data protection landscape evolves, compliance with the Indian Data Protection and Digital Privacy (DPDP) Act becomes increasingly important. This is not only a legal requirement, but also builds trust between data fiduciaries (entities that collect, store and process data) and data principles (individuals/users/customers). This article outlines the key steps data controllers should take to ensure compliance and effectively protect personal data, as well as the importance of written agreements with data processors.
Outline of steps to ensure compliance
The DPDP Law requires major data fiduciaries to appoint a data protection officer (DPO) and an independent data auditor and all data fiduciaries should consider adopting this practice: The DPO is the main point of contact for data protection matters and ensures compliance with legal obligations, while the auditor is responsible for data practices
Every step of the process is regulated by the new Act, from collection up until deletion. It is important to first assess the current mechanisms and systems for how the data is collected, the data protection protocols, the persons who can access and process such data, and the tools for automatic deletion of the data once the purpose has been fulfilled or when the data principle no longer consents to the processing of their data. Comprehensively assess the current data lifecycle, including collection, storage, processing and deletion mechanisms. Involving legal experts can help identify compliance gaps and recommend improvements accordingly.
Based on the assessment, implement robust security measures such as encryption, access control and intrusion detection systems to protect data from unauthorized access.
Transparency is a core principle of the DPDP Act. Data Fiduciaries must publish clear notices detailing how personal data will be used. These notices must be available in English and in India’s 22 official languages so that all data principles can understand their rights and data use.
It is important to obtain informed consent from Data Principles. Develop user-friendly mechanisms that enable individuals to understand and control how their data is processed. Legal counsel can help ensure compliance with the law and best practices.
Establish automatic data deletion protocols to ensure that personal data is not retained longer than necessary for fulfilling the purposes that the Data Principle was informed of, or if the Data Principle withdraws their consent.
Implement a dedicated platform to handle complaints and requests from Data Principles. This system will allow individuals to easily contact the DPO and submit their requests.
Regularly conduct Data Protection Impact Assessments (DPIAs) to assess the impact of data processing on the rights of Data Principles. These assessments should outline the rights of individuals, the purpose of the data processing and the risk management strategy. Legal support is essential to conduct a comprehensive DPIA that meets regulators’ expectations.
Continuous compliance requires regular audits of data practices. Engage legal experts to conduct such audits and provide practical insights for improvement. This practice not only strengthens compliance, but also increases the trust of Data Principles.
The Importance Of Drafting Robust Contracts With Data Processors
The relationship between data controllers and processors is crucial to ensure compliance with the DPDP Law. The drafting of a well-crafted contract is essential to protect the interests of the Data Principle and to clearly set out the obligations of the processors. The key aspects of such agreements are as follows:
A well-drafted data protection agreement (DPA) should outline certain obligations of the data processor, such as
Compliance with the DPDP Law requires commitment from data fiduciaries at all levels. By following these steps and leveraging legal expertise, data fiduciaries can build a robust framework for data protection. This proactive approach not only reduces legal risks, but also increases the trust of Data Principles and ultimately contributes to a safer digital ecosystem. Investing time and resources in both compliance measures and well-crafted contracts is crucial to creating a responsible data processing environment.
Author: Sumedha Vadhulas
Please contact us at info@origiin.com to know more about our services (Patent, Trademark, Copyright, Contract, IP Licensing, M&A of companies)
Subscribe to YouTube Channel HERE
Join LinkedIn Group: Innovation & IPR
WhatsApp: +91 74838 06607
A “Jurisdiction Clause“, also known as a “Choice of Law” or “Forum Selection Clause”, is a crucial provision often included in commercial contracts. It establishes the jurisdiction or court that will have the authority to resolve any disputes that may arise between the parties involved in the contract. For startups that create value based on the IP they own, choosing a the right jurisdiction can mean the difference between being able to successfully prove their claim over their IP, and lax protection measures to protect the very same IP.
Understanding Jurisdiction
Jurisdiction can be defined as the limit of a judicial authority or the extent to which a court of law can exercise its authority over suits, cases, appeals etc. The rationale behind introducing the concept of jurisdiction in law is that a court should be able to try and adjudicate only in those matters with which it has some connection or which fall within the geographical or political or pecuniary limits of its authority.
There are three basic types of jurisdictions:
Factors to Consider When Selecting a Jurisdiction
Legal Framework and Business Environment
Enforcement of Contracts
Cross-Border Considerations
Through the inclusion of a jurisdiction provision in an international commercial contract, Indian law recognises the parties’ right to jointly select a forum (an Indian or foreign court) the enforcement of the contract.
A foreign judgement or decree must meet the conclusiveness test in order to be enforceable in India; that is, it must be conclusive and not subject to any of the following restrictions or exceptions:
A foreign decree issued by a court in a reciprocating territory may be executed as an Indian decree by an Indian district court following the prescribed procedure if a party seeking execution files an execution application with the certified copy of the decree and a certificate attesting to the degree of satisfaction or adjustment of the sum decreed in the district court. To put it another way, the district court will execute the foreign judgement or decree without considering its conclusiveness and without considering the case’s merits. This allows for direct execution, which streamlines and expedites the procedure.
However, for this to apply, the said foreign decree should have been passed by any of the superior courts of any “reciprocating territory ” i.e. any country/territory outside India which is notified to be so by the Central Government in the Official Gazette .
Choosing Between Exclusive and Non-Exclusive Jurisdiction
In conclusion, it is impossible to exaggerate the importance of jurisdiction in contracts, particularly for startups that rely significantly on their intellectual property. A clear jurisdiction provision acts as a buffer, guaranteeing that disagreements are settled in a way that upholds legal rights and fosters corporate stability. By carefully weighing elements including regulatory environments, legal frameworks, and the ease of contract enforcement, parties can choose locations that suit their risk profiles and interests. Choosing between exclusive and non-exclusive jurisdiction may have a big influence on a startup’s capacity to safeguard its ideas and successfully handle any issues that may arise. Understanding and taking advantage of jurisdictional intricacies is crucial for promoting development and protecting important assets as organisations increasingly conduct cross-border transactions.
Author: Sumedha Vadhulas
Please contact us at info@origiin.com to know more about our services (Patent, Trademark, Copyright, Contract, IP Licensing, M&A of companies)
Subscribe to YouTube Channel HERE
Join LinkedIn Group: Innovation & IPR
WhatsApp: +91 74838 06607
Emozo is a Do-It-Yourself research and feedback gathering platform that’s focused on helping brands collect high quality emotional and behavioural data from audiences, in response to digital stimuli of different kinds. This is important because 95% of all decisions on the digital channels are driven by emotions. Unless one understands how one’s content resonates (emotionally) with one’s audience, driving the desired outcomes (via said content) may be problematic.
With Emozo, one does not need to depend on behavioural scientists, data analysts, software engineers to collect and decode this data from a global audience. The platform does it all. You can sit in your location and launch studies anywhere in the globe and collect reliable data in a matter of days. All the respondent needs is a camera enabled, connected digital device. Reports are produced in minutes, and one doesn’t have to wait for weeks to get feedback.
Emozo may be used to:
Built on real science and proven mass communication theory, our fully secure, digital platform leverages the powers of AI to enable qualitative research at scale and with speed. We are built to support all forms of iterative design-development and test & learn processes. Our proprietary ACE framework triangulates data on Appeal, Commitment, and Engagement to shed light on how customers feel about brands and experiences. The end result is meaningful info that establishes robust connections to human behaviour.
On the surface, we are a Market Research Services company that uses its own proprietary software platform to deliver breakthrough results for our customers. Ours is a full-fledged survey platform in the lines of Survey Monkey etc. Our clients have the option of using us for plain vanilla surveys of all kinds (without collecting any attention and emotion data). We provide Consulting services for customized study design and execution when our clients need us to.
Some of the kind of work that we do, include:
| Advertising Effectiveness Studies | Content Strategy Analysis |
| Brand Messaging Testing | Influencer Marketing Research |
| Brand Health Tracking | Product Development & Testing |
| Market Segmentation | Customer Satisfaction Surveys |
| Customer Journey Mapping | Customer Feedback Surveys |
To know more about Emozo and book a demo session, please contact Emozo Team here:
Email ID: indranil@emozo.ai
Company name: Emozo Labs, Inc.
Phone number: +1 (519) 807-3026
Linkedin URL: www.linkedin.com/in/indranil-mukherjee-a4347a1
Use promo code ITB2024 to avail 10% discount.
Nominate yourself HERE to publish your story.
Please contact us at info@origiin.com to know more about our services (Patent, Trademark, Copyright, Contract, IP Licensing, M&A of companies)
Subscribe to YouTube Channel HERE
Join LinkedIn Group: Innovation & IPR
WhatsApp: +91 74838 06607
Indranil Mukherjee is a first-time entrepreneur. He took the plunge in the early days of Covid, after 25 years of consulting and product engineering experience in the Tech industry. He lived and worked in India, US and Canada (current).
His company, Emozo Labs was recognized by the CIO Review magazine, among the Most Promising Tech Companies in Canada in 2022.
In this episode of Inspiring Tales with Bindu, you will know more about entrepreneurial journey, passion, challenges of Indranil Mukherjee to build Emozo Labs.
The interviewer, Bindu Sharma is Founder and CEO of Origiin IP Solutions LLP, a leading IP and legal services provided firm.
Bindu: Thanks for accepting the invite to participate in this program, “Inspiring Tales with Bindu”.
First of all, I want to know that having worked in corporate world for a long time, what inspired you to start your business and build this wonderful product, Emozo? Please share your entrepreneurial journey with the readers.
Indranil: I saw an opportunity to dramatically transform some areas of media and advertising research way back in 2016, after witnessing my wife (senior research professional) struggle to commission research studies and get accurate insights quickly.
She was in charge of assessing how a television commercial (featuring a top celebrity in India) was resonating with the intended audience. The method, as prevalent in those days, involved recruiting and gathering respondents in a physical location and getting their facial expressions and body language (video recorded as they watched the commercial) decoded by behavioural psychologists. The whole process was laborious, error-prone and just plain painful. It took weeks to get any meaningful insight out. Weeks that the business could scarcely afford. And, this wasn’t a one-off. I had seen this happen earlier (and later too).
As emotion detection technology was maturing and becoming more mainstream, I tried to think of ways the pain could be lessened and thus was born the idea behind Emozo. We had 2 false starts, in 2017 and again in 2019. We had come close to creating a good solution in 2019 but there were problems in the team I had assembled, and we disbanded. We started again in 2020, during Covid and this time we could succeed. It doesn’t sound good if I say the Covid slowdown helped us create a great first version of the platform, but it is the truth. I wish Covid never happened, but I am grateful for the time and space it allowed us to shape our initial thinking.
We launched our platform commercially in Q3-2021 and have been refining it ever since. A significant part of our initial success were two academic institutions – ISB Institute of Data Sciences (IIDS) and the DATA Initiative at Northeastern University, Boston, USA. The professors and students we collaborated with helped shape our thinking and refine our approach and algorithms. I remain very grateful for those partnerships.
Any note on our journey will not be complete without a mention of the first set of folks who took a chance on us. A few young companies in India and APAC saw enough promise in us to give the platform a spin or two. And there were those friends and ex-colleagues who walked us in through the first set of doors at potential customers. They are as much a part of our journey as anyone else.
When we started, we never thought that we’d morph into a platform-based services company. However, that’s what we have become to adjust to the dynamics of the markets we found ourselves in. We extended our platform to be a lot like conventional survey tools but even today we try to remain true to our initial calling – helping people understand how to create and deploy digital content that resonate with their audiences.
Bindu: Please tells us little more about your product, specially what is the core problem which your product/Services are capable of solving?
Indranil: We help our clients create and deploy Better Digital Content, with Higher Confidence, whether they be videos (advertisements, educational / entertainment / gaming content etc.), images or interfaces (web / mobile apps).
Emozo is a Do-It-Yourself research and feedback gathering platform that’s focused on helping brands collect high quality emotional and behavioural data from audiences, in response to digital stimuli of different kinds. This is important because 95% of all decisions on the digital channels are driven by emotions. Unless one understands how one’s content resonates (emotionally) with one’s audience, driving the desired outcomes (via said content) may be problematic.
With Emozo, one does not need to depend on behavioural scientists, data analysts, software engineers to collect and decode this data from a global audience. The platform does it all. You can sit in your location and launch studies anywhere in the globe and collect reliable data in a matter of days. All the respondent needs is a camera enabled, connected digital device. Reports are produced in minutes, and one doesn’t have to wait for weeks to get feedback.
Emozo may be used to:
Built on real science and proven mass communication theory, our fully secure, digital platform leverages the powers of AI to enable qualitative research at scale and with speed. We are built to support all forms of iterative design-development and test & learn processes. Our proprietary ACE framework triangulates data on Appeal, Commitment, and Engagement to shed light on how customers feel about brands and experiences. The end result is meaningful info that establishes robust connections to human behaviour.
On the surface, we are a Market Research Services company that uses its own proprietary software platform to deliver breakthrough results for our customers. Ours is a full-fledged survey platform in the lines of Survey Monkey etc. Our clients have the option of using us for plain vanilla surveys of all kinds (without collecting any attention and emotion data). We provide Consulting services for customized study design and execution when our clients need us to.
Some of the kind of work that we do, include:
| Advertising Effectiveness Studies | Content Strategy Analysis |
| Brand Messaging Testing | Influencer Marketing Research |
| Brand Health Tracking | Product Development & Testing |
| Market Segmentation | Customer Satisfaction Surveys |
| Customer Journey Mapping | Customer Feedback Surveys |
Bindu: Managing teams and employees is one of the main pain points in any organization. Please let me know how big is your team and what values do you prioritise in your organisation?
Indranil: We have a small, fully remote team, spread across India, Canada and Singapore. Given our geographical spread, we value proactive, efficient and transparent communication the most. Right after that comes Accountability and Ownership of our individual actions and goals.
Bindu: For any business, customer satisfaction is very critical, and I am curious to know what is your Unique Selling Point (USP)?
Indranil: We offer a platform that’s truly differentiated in terms of its capabilities and the experience it provides our users. We also provide tremendous global reach (to empanelled respondents) and a price-point that’s very, very competitive.
Bindu: What’s one question you wish people would ask you about business, but don’t? What would be your answer?
Indranil: How do you build value on an ongoing basis (in the context of our platform)? The answer is through relentless customer-centricity and patience and by refusing to cut corners.
Bindu: While running a business, one has to manage a lot of things and keep a stable mind. How do you keep yourself motivated?
Indranil: I find having a few stretch goals at all times and diligently working towards them automatically brings in a sense of discipline and motivation. For good mental health, I find that there’s nothing better than playing sports and regular human connections, be it with colleagues, friends or family.
Bindu: You started business after spending a long time in the corporate world. Are you happy with what you are doing? Do you have any regrets?
Indranil: Revenue pressures and the general slow pace of progress always put pressure on business owners, and I am not immune to that at all. That said, I really like what I do and the variety of things that I have to do, to move forward on a daily basis.
I won’t call it a regret, but I do wish I had started on the entrepreneurial journey earlier in my life.
Bindu: Who has been your role model and why?
Indranil: There are and have been many. In different aspects. I have always considered my father as a role model for many areas of life. There are (and have been) corporate leaders who I wished to emulate too.
Bindu: The word Emozo sounds very stylish and trendy. I would like to know how did you come up with the product name Emozo and what does your logo represent?
Indranil: The logo is simple. It represents the first letter of our brand name. We had initially considered the names Usemo and Emorite, but they didn’t work out for a variety of different reasons. The current name was suggested by one of our co-founders (no longer with the company). He’s from eastern Europe and he combined the core of the word “Emotion” with a suffix (“zo”) that has roots in his native language. The rest of us liked the name and it stuck. That’s how we came up with the brand name, Emozo.
Bindu: What is one piece of advice you would give to budding entrepreneurs or new businesses?
Indranil: One of the many early mistakes we had made was to focus completely on building the product and not on marketing the concept/idea. Our mistake was to believe that we needed something concrete built before it could be marketed/sold. In hindsight, we should have put equal emphasis on both, right from the get-go.
Now, more savvy, budding entrepreneurs will probably not make this mistake today. However, if there’s one piece of advice, I can offer to folks who are just starting out to build new software platforms, it is this. Product Development and Marketing needs to go hand-in-hand. Not only is it crucial from a revenue standpoint, but you will also build a better product in the process, because of all the feedback you receive from all the people you will fail to convince with the initial ideas.
Bindu: Thank for very much Indranil for sharing your Inspiring Tale.
Indranil: You are most welcome Bindu. It was lovely to have this conversation with you.
To know more about Emozo and book a demo session, please contact Emozo Team here:
Email ID: indranil@emozo.ai
Company name: Emozo Labs, Inc.
Phone number: +1 (519) 807-3026
Linkedin URL: https://www.linkedin.com/in/indranil-mukherjee-a4347a1/
Use promo code ITB2024 to avail 10% discount.
Nominate yourself HERE to publish your story.
Please contact us at info@origiin.com to know more about our services (Patent, Trademark, Copyright, Contract, IP Licensing, M&A of companies)
Subscribe to YouTube Channel HERE
Join LinkedIn Group: Innovation & IPR
WhatsApp: +91 74838 06607
Data privacy is a discipline intended to keep data safe against improper access, theft or loss. I is vital to ensure that data is kept confidential and secure, and this is achieved through exercising sound data management and preventing unauthorized access that might result in data loss, alteration or theft.
This can be achieved through implementing effective cybersecurity measures within the organisation such through access control measures, such as usernames and passwords, or some form of biometric authentication. Robust legislation regulates the collection, storage and processing of personal data both internationally and domestically in the form of the General Data Protection Regulation (GDPR) and the Digital Personal Data Protection (DPDP) Act.
The GDPR is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in and outside of the European Union (EU).
The regulation, which was approved in 2016 and put into effect in 2018, is the strictest data security and privacy law in the world. It aims to give users control over their own personal data by holding companies responsible for the manner in which they collect, store and process such information.
The Digital Personal Data Protection (DPDP) Act, 2023 is India’s first legislation on data privacy and protection. It applies to the processing of digital personal data within the territory of India collected online or collected offline and later digitized. It is also applicable to processing digital personal data outside the territory of India, if it involves providing goods or services to the data principals within the territory of India.
General Data Protection Regulation (GDPR)
The GDPR sets forth 3 key principles for with regards to Data Privacy: Lawfulness, Fairness and Transparency.
“Lawful” means that the collection and processing of data is done on a legally valid basis. This can mean enforcing consent mechanisms for ensuring that the user is informed and willing to provide their data.
“Fair” means that the processing of personal data is in the best interest of the user who has provided the data and any processing done on such data is within the scope of what the user can reasonably expect when such data is provided.
“Transparency” is the clear communication of the details of the processing of personal data to the user from whom such data is collected.
With respect to the rights of the users, the GDPR guarantees the following rights:
The GDPR recognizes that not all organizations involved in the processing of personal data have an equal level of responsibility, and classifies two entities under the purview of the regulation: a Data Controller is an entity which determines the purposes of any personal data and the means of processing it, while a Data Processor is an entity which processes personal data on behalf of a data controller. An entity classified as a data controller or a data processor, is responsible for ensuring compliance with the GDPR and demonstrate compliance with the regulation’s data protection principles. While Date Processors do not have the same level of GDPR compliance responsibilities as Data Controllers, they must still take appropriate organizational and technical measures to ensure that any processed data is done so in line with the GDPR.
Digital Personal Data Protection (DPDP) Act, 2023
This Act establishes guidelines for handling digital personal data, balancing individuals’ rights to protect their information with the necessity of processing data for legal purposes and related matters. The act applies to personal data which is processed within India, and personal data that is processed outside India if it pertains to business activity related to individuals within India.
The Act is based on the following seven principles:
The Act provides for following rights to the individuals:
Data privacy is crucial in a society that is becoming more and more digital. Both India’s Digital Personal Data Protection (DPDP) Act and the General Data Protection Regulation (GDPR) are essential frameworks intended to safeguard people’s personal information while making sure businesses manage it appropriately. These rules provide users more control over their information and strengthen their rights by emphasising the values of lawfulness, fairness, and openness.
Following these regulations is not only required by law but also advantageous for businesses, particularly start-ups with significant intellectual property. Stronger customer connections result from the implementation of solid data protection procedures, which also build trust and improve brand reputation. Businesses must be proactive as the regulatory environment evolves, constantly modifying their procedures to satisfy compliance standards and protect the data they handle.
Organisations must effectively address the intricacies of data privacy by comprehending and adhering to the principles set out in the GDPR and DPDP. This effort not only safeguards people’s rights but also helps create a more secure and reliable online environment, opening doors for innovation and expansion in the information economy.
Author: Sumedha Vadhulas
Please contact us at info@origiin.com to know more about our services (Patent, Trademark, Copyright, Contract, IP Licensing, M&A of companies)
Subscribe to YouTube Channel HERE
Join LinkedIn Group: Innovation & IPR
WhatsApp: +91 74838 06607
