India's Digital Personal Data Protection framework is now live. Understand your obligations, assess the impact on your business, and discover how IndiaConsent โ a DPB-ready Consent Manager โ makes compliance simple, auditable, and future-proof before the May 2027 deadline.
Official Rules โข MeitY Notification โข DPB-Ready Platform
The Digital Personal Data Protection Act, 2023 is India's first comprehensive data privacy law. The detailed DPDP Rules 2025 were officially notified by MeitY on 13 November 2025, giving full effect to the Act.
It applies to any organisation (Indian or foreign) that processes digital personal data of individuals in India โ whether you collect data via apps, websites, forms, or offline digitised records.
You are a Data Fiduciary if you decide the purpose and means of processing personal data. The law puts the responsibility squarely on you โ even if you use processors or vendors.
You must provide clear, standalone notices at every data collection point with itemised (or grouped) purposes. Legacy privacy policies won't suffice.
Granular consent, instant revocation, verifiable records, and multilingual support. Every consent must be immutable and auditable.
Breach notification to DPB + affected users, mandatory security safeguards, vendor DPAs, and (for Significant DFs) DPO, annual audits & DPIAs.
Rules notified 13 Nov 2025 โ Full compliance deadline 13 May 2027
Register or partner with a DPB-approved Consent Manager like IndiaConsent.
All consent, notice, rights, security, and breach processes must be live and auditable.
We are built as a DPB-ready Consent Manager โ the exact intermediary the Rules envisage. No more building complex systems in-house.
Join 200+ enterprises already using IndiaConsent to stay ahead of the May 2027 deadline.
No credit card โข Full features โข Dedicated compliance expert
We use cookies to ensure that you get the best experience on our website. By continuing to use this site, you give your consent to our Cookie policy.