Data Principal Rights

The DPDPA grants Data Principals (individuals) specific rights over their personal data. Sections 11–14 outline these rights, and failure to honour them can result in penalties and complaints to the Data Protection Board. Kraver.ai automates the entire rights fulfilment lifecycle — from request intake to response delivery.

When a Data Principal withdraws consent or the purpose of processing is fulfilled, they have the right to have their personal data erased. Kraver.ai orchestrates erasure across all systems — databases, backups, third-party processors, and analytics platforms — ensuring no residual data remains while maintaining legally required retention records.

Section 13 requires Data Fiduciaries to have a grievance redressal mechanism. Kraver.ai provides a structured grievance management system with intake, categorisation, investigation workflows, escalation paths, and resolution tracking. Responses are generated within the prescribed timeframe to avoid regulatory complaints.

Section 14 allows Data Principals to nominate another person to exercise their rights in the event of death or incapacity. Kraver.ai manages the nomination lifecycle — registration, verification, activation upon triggering event, and controlled access to the deceased/incapacitated principal's data rights.

Every rights request is tracked against configurable SLAs. Kraver.ai sends automated reminders to responsible teams, escalates overdue requests, and generates compliance reports showing fulfilment rates, average response times, and bottleneck analysis. This ensures no request falls through the cracks.