New Delhi, Nov 15 (NationPress) Industry specialists expressed their approval on Saturday regarding the government's announcement of the Rules under the Digital Personal Data Protection Act (DPDPA), 2023, officially implementing India's inaugural dedicated framework for personal data protection.

According to the notice issued by the Ministry of Electronics and Information Technology (MeitY) on Friday, social media platforms, online payment systems, and any entities managing personal data must provide users with a comprehensive explanation of the data being collected and clarify its intended use.

“There’s no denying that India has embarked on a new chapter in privacy. In this AI-driven era, trust is paramount. Given that AI relies on extensive datasets, robust privacy measures must be prioritized. This progress is a significant leap in bolstering India’s digital ecosystem, aligning seamlessly with the nation’s recent AI governance protocols,” stated Ivana Bartoletti, Chief Privacy and AI Governance Officer at Wipro.

Bartoletti highlighted that the new regulations incorporate stringent data governance principles, characterized by explicit responsibilities, structured frameworks, consent, and an emphasis on privacy by design.

These measures will empower organizations to expand sustainably and responsibly as “innovation accelerates and technology becomes increasingly woven into our everyday lives,” she remarked.

The regulations mandate that users have straightforward mechanisms to withdraw their consent or file complaints with the Data Protection Board (DPB) regarding violations.

While consent managers—entities authorized to represent users—are given a 12-month period to register with the DPB, companies are allotted up to 18 months to meet the administrative compliance requirements.

“With the announcement of the Rules and the Act, the government has effectively dispelled all uncertainty,” remarked Nikhil Narendran, Partner – TMT [Technology, Media, and Telecommunications] at Trilegal.

“Indian businesses now have an 18-month period to prepare for full compliance. Most organizations will need to begin with data mapping, redesigning consent and notification processes, and implementing training programs to ensure compliance, supported by legal, technological, and privacy experts. The real emphasis will also be on establishing the new Data Protection Authority and observing how this regulator interprets these regulations, prioritizes enforcement, and how initial guidance shapes India’s digital landscape,” Narendran added.

Jaspreet Singh, Partner and Chief Revenue Officer at Grant Thornton Bharat, mentioned that the DPDPA Rules 2025 signify India’s shift from policy intentions to operational responsibility and privacy.

“Compliance with DPDPA transcends a mere checklist; it represents a culture of trust that every organization must now embed. The DPDPA era necessitates that boardrooms possess fluency in privacy governance; executives will be evaluated by the controls they can demonstrate, rather than by promises made,” Singh stated.

“The 2025 Rules unequivocally state that data fiduciaries must integrate privacy by design proactively, rather than waiting for regulators to impose it by default. As DPDPA Rules take effect, the competitive edge will belong to organizations that operationalize privacy as an ongoing assurance function,” he concluded.