India Unveils Digital Personal Data Protection Rules for 2025
The Digital Personal Data Protection (DPDP) Rules, 2025, launched by India, promise a secure framework for handling personal data. Enacted by Parliament, they ensure citizens' privacy while fostering innovation, detailing responsibilities for data handlers and protecting individuals' rights with a robust compliance regime.
- Country:
- India
India has announced the operationalisation of the Digital Personal Data Protection (DPDP) Rules, 2025, effectively implementing the DPDP Act of 2023. According to the Ministry of Electronics and IT, the act prioritizes a citizen-friendly framework that promotes responsible digital data usage while encouraging innovation.
The DPDP Act, passed on August 11, 2023, by Parliament, offers a comprehensive structure for digital personal data protection. It specifies the roles and duties of entities, known as Data Fiduciaries, responsible for data handling, as well as the rights of the individuals, termed Data Principals. Designed with simplicity and accessibility at its core, the Act uses the SARAL approach to aid compliance and understanding.
The Act revolves around seven principles, including consent, transparency, data minimisation, and security. The Ministry organized extensive public consultations to refine the DPDP Rules, integrating feedback from a broad range of stakeholders. The rules provide phased compliance, mandate plain-language consent notices, and outline steps for breach scenarios, enhancing individual protections and obligations for Data Fiduciaries.
(With inputs from agencies.)
Google News