In most cases, the Data Fiduciary remains accountable under the DPDP Act, even if a data breach occurs at a third-party Data Processor or reseller. Sharing personal data with a third party does not transfer your responsibility for protecting it.
To reduce your risk, establish clear responsibilities before sharing any personal data. A well-defined Data Processing Agreement (DPA) should outline each party's security obligations, breach notification timelines, and liability in the event of a security incident.
Connect with the miniOrange team to implement a DPDP Compliance Solution.