The Digital Personal Data Protection (DPDP) Act, 2023 governs the processing of digital personal data in India, emphasizing user consent, purpose limitation, and data accuracy. Enacted in August 2023 with rules effective from 2025, it applies to both online and offline data, protecting individual rights while allowing certain exceptions for the state.
The Digital Personal Data Protection Act, 2023 (DPDP Act) helps by protecting individuals’ personal data and ensuring it is processed lawfully, transparently, and for specific purposes. It strengthens citizens’ rights over their data while imposing clear obligations on organizations to prevent misuse and data breaches. This promotes trust, accountability, and responsible digital governance in India.
The complete assessment report can be shared through a proper Trust Center portal that provides controlled access and undergoes an NDA process before granting visibility.
Under the Digital Personal Data Protection Act, 2023, clients must clearly understand their role as Data Fiduciaries, while we act as a Data Processor supporting compliance. Only necessary personal data should be collected, processed for lawful purposes, and protected with reasonable security safeguards. Teams must ensure mechanisms exist to handle data principal rights (access, correction, erasure) and follow proper breach notification procedures. All responsibilities, security commitments, and data handling terms should be clearly defined in contracts.