A Data Principal is the person whose personal data is being collected, used, stored, shared, or deleted.
Simple example
A customer ordering food, a student using an EdTech app, a patient booking a test, and an employee in an HR system can all be Data Principals.
Why it matters
DPDP starts with the person. If your business cannot explain what happens to that person's data, your DPDP work is not ready.
What to check
Who are the people behind the data?
Are they customers, employees, students, patients, vendors, or leads?
Do any of them include children?
Can they access, correct, delete, or raise a grievance?
Can you respond without searching across ten disconnected tools?
Treating data as rows in a database and forgetting that each row belongs to a real person.
Pick one type of person, such as customer or employee, and map their full data journey.
If this is still fuzzy, do this
Run one real data journey through your business. Do not start with legal language. Start with the person, the form, the tool, the vendor, the message, and the deletion point.