What are the New Rules Under India's First Digital Privacy Law?


Synopsis

The Indian government has taken a significant step by operationalizing the Digital Personal Data Protection Act, requiring companies to comply with new rules that enhance user data privacy. This transformative legislation sets the framework for consent management, data breach notifications, and the establishment of a regulatory board.

Key Takeaways

  • DPDP Act is India's first digital privacy law.
  • Companies must provide transparency regarding user data.
  • Users have the right to revoke consent and report breaches.
  • Data Protection Board will oversee compliance and enforcement.
  • Significant deadlines for consent managers and companies to comply.

New Delhi, Nov 14 (NationPress) The government announced the rules for the Digital Personal Data Protection (DPDP) Act on Friday, thus formally implementing India’s inaugural digital privacy legislation and commencing the compliance timeline for businesses managing user data.

Under this new framework, social media platforms, online portals, and any entities that manage personal information must provide users with a comprehensive explanation of the data being collected and clarify how it will be utilized.

The regulations stipulate that users should have a straightforward method to withdraw their consent or report violations to the Data Protection Board (DPB).

Consent managers—entities authorized to represent users—are allotted 12 months to register with the DPB, while companies are given up to 18 months to meet the necessary compliance criteria.

Any organization aspiring to operate as a consent manager must be based in India, submit an application to the Board, and consistently meet its obligations; failure to do so could result in the revocation of its registration.

The DPB, headquartered in New Delhi and comprising four members including a chairperson, will function as a fully digital adjudicatory entity in line with the notified guidelines. Its responsibilities encompass enforcing the Act, investigating data breaches, and imposing fines.

The regulations further classify digital intermediaries based on the services they provide and outline conditions for when user data must be purged, unless mandated to retain it by law.

Data fiduciaries are required to inform the DPB and affected users within 72 hours of discovering a data breach.

Along with the rules, the Ministry of Electronics and Information Technology (MeitY) issued a separate notification for the establishment of the DPB. The DPDP Act was approved by Parliament in August 2023, and the final rules emerged after extensive consultation following the draft's release in January 2025.

“In essence, the one-year deadline for Consent Managers effectively sets up the consent infrastructure for DPDP compliance. By the 18-month enforcement deadline, a network of certified, impartial consent-service providers will be prepared to manage opt-in/out processes, facilitating the transition to the new regime,” remarked Vinay Butani, Partner at Economic Laws Practice.

Point of View

The enactment of the DPDP Act signifies a monumental shift in India's approach to digital privacy. This legislation not only prioritizes user rights but also establishes a regulatory framework that holds businesses accountable. As we navigate this new landscape, it is crucial that both companies and users understand their roles and responsibilities.
NationPress
14/11/2025

Frequently Asked Questions

What is the Digital Personal Data Protection Act?
The Digital Personal Data Protection Act is India's first digital privacy legislation aimed at protecting user data and ensuring transparency in data handling by companies.
What are the main obligations for companies under the DPDP Act?
Companies must inform users about the data they collect, how it will be used, and provide mechanisms for users to revoke consent and report violations.
What is the role of the Data Protection Board?
The Data Protection Board is responsible for enforcing the DPDP Act, investigating data breaches, and imposing penalties for non-compliance.
How long do companies have to comply with the new regulations?
Companies have up to 18 months to meet the compliance requirements set forth by the DPDP Act.
What happens if a consent manager fails to comply?
If a consent manager does not fulfill its obligations, its registration with the Data Protection Board may be revoked.