In recent years, there has been a massive flow of data. Internet has become a necessity in our lives, however, it also created an abundance of data and raised concerns about security breaches of personal and sensitive data. Data privacy means establishing trust, preventing data breaches, and having the right over own personal data which may have severe consequences. Apart from Financial loss, it may affect the reputation or trust of the organization.

Data Protection Law of the European Union is regarded as the ideal legal framework in the protection of personal data. The new era of technology where there are no territorial boundaries and there is a massive flow of data in just a few years of span, showcases the need for such a law. Different countries have their legal regimes where General Data Personal Regulation (GDPR) is the strict law in terms of protection of data in the world. The act was enacted in 2018 it laid down guidelines for collecting and processing the personal data of the individual

Indian personal data law which is titled 'Digital Personal Data Act 2023' is aimed at safeguarding the rights of individuals in the Digital age. It has its legislative history where data was secured by the (SPDI rules) The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information ),2011 was applied to corporate bodies for sensitive data. After the case of KS Puttaswamy v Union of India,2017 which recognized the right to privacy as a fundamental right the government took steps such as forming B N Krishna Committee to identify the issues and recommended a personal Data protection bill,2018 was drafted. In 2019 the Joint Parliamentary Committee submitted its report on the Personal Protection Bill,2021 and 2022, and finally, the bill was tabled in parliament, passed, and enacted.

Understanding Data Protection Laws:
Over the last several years, the world has been constantly shifting to regulatory landscapes for the collection, storage, and processing of personal data. Growing these concerns showcases the need for personal data laws. The breach of security and data collection standards proliferate new legislation. The legislation must contain similar requirements as contained in the DPD Act as:

• Protection of personal data of individuals to prevent data breaches using technologies like data isolation, encryption, and access control
• Restriction of use of data for further stated purpose
• Retention of personal data when no longer needed for its stated purpose
• The requiring notification for a data breach to the impacted individual
• Granting the right to the individual over their data

The whole Personal Data Law stands on the concept of the Right to Privacy, but what Privacy actually means, and how the meaning of Privacy has evolved is an important aspect for better analysis of the evolution of the Data Protection Law.

Privacy has been a great topic of debate, deliberation, and discussion since it first emerged.

The recognition of the Right to privacy was established initially as an international right before it was recognised by Nations in their constitutions or National Human Rights framework.

Initially after World War II nations usually use to cover only aspects of privacy such as the inviolability of the home and of correspondence.

International human rights are the most fundamental rights protected by liberal state constitutions.[1] Usually, these rights are first established at the national level and then elevated to the international stage once they're well-established and the timing is right. However, in the case of the right to privacy, the international guarantee surpassed what was guaranteed at the national level right from the start. This created something entirely new that hadn't been seen in any state constitution before.

In his article "The Meanings of 'Individualism'," Steven Lukes elucidates that the idea of privacy undergoes evolution and growth in tandem with the understanding of individualism.

The theory of individualism suggests that each person is an independent being because they have been granted life by a higher power, state machinery only recognises that and allows them to enjoy various freedoms, including privacy.

Great Philosopher John Locke opined: "A person who operated within the confine of a social contract, but is free within the confines of those contracts"

Charles Warren and Louis D. Brandeis in their paper, "The Right to Privacy", noted - "Once a civilization has made a distinction between the 'outer' and the 'inner' man, between the life of the soul and the life of the body, between the spiritual and the material, between the sacred and the profane, between the realm of God and the realm of Caesar, between Church and state, between rights inherent and inalienable and rights that are in the power of government to give and take away, between public and private, between society and solitude, it becomes impossible to avoid the idea of privacy by whatever name it may be called- the idea of a private space in which man may become and remain himself. There are legislation in the countries for data protection

The General Data Protection Regulation became applicable to all member states, it is not pertinent to be a legal entity legally registered in an EU Member State, it has an extra-territorial effect. It involves the subject of processing activities 'to the offering of goods or services'. 137 out of 194 countries had put in place legislation to secure data and privacy protection.

India's DPDP act primarily focuses on aspects such as Data Fiduciary, which collects the data and defines the means and purpose of the data principals that might be one or more processors. They have an obligation to protect them from misuse of the data and also to inform the data principal. In GDPR it is called a Data Controller which is the same who decides the means and purpose of data. The word data processor often get confused which means who processes the personal data on behalf of the data fiduciary.

The DPDP act and GDPR have a few areas in common which are Data requests, both grants data principals the right to request a copy of their data on file, and the personal data is to be deleted once the purpose has been fulfilled both the act have significant fines for violation of these rights. It provides that personal data is to be protected but a type of data has been defined differently. Both acts provide there must be notification of the event of a data breach is required for Individual

Anonymized data has been excluded in both acts, the DPDP states that anonymized data can also lead to the identification of an Individual. GDPR expressly excludes it from the applicability.

There are some exemptions where data can be processed without consent DPDP provides that data fiduciary in certain cases that are legitimate such as employment, medical emergencies, and performing any state services or benefits to the data principal. GDPR also provides exemptions with certain obligations.

There are certain differences where GDPR and DPDP are unique in their own ways. GDPR classifies personal data into categories of data based on the purpose and processing. DPDP however, includes all kinds of data.

DPDP act is only applicable to digital or digitalised data whereas GDPR applies to offline data also . Indian Act provides parental consent verifiable requirements that the EU's law has not expressly mentioned. Both acts have a grievance Redressal mechanism however GDPR does not require to redress of the grievance before the controller makes a complaint to the jurisdictional supervisory authority or courts.

Conclusion:
Data privacy and protection of data have multiple benefits where trust and reputation are built. With the increasing amount of personal information that is globally available, It becomes essential to protect it from exploitation. Understanding privacy laws and their implementation in businesses or to individuals helps to maintain trust. Data privacy is a vital component where necessary steps are to be taken. By doing so we create safer and more secure platforms. Privacy is linked to dignity which is a fundamental right, thus European state's utmost importance to data laws which is considered as reference for other countries.

Evolution requires some prominent changes,which also become necessity to implement these laws with the objective to protect individual data. New technologies are emerging, industries are growing rapidly, and it is the need of today's era to comply with personal data laws. There are plenty of instances where an individual's data is taken in exchange for services

Legislators are somewhere way behind to fully protect the data and to promote data protection it is important to address the issues with the evolving technology to be taken to protect the data.