{"id":339887,"date":"2025-01-28T12:30:55","date_gmt":"2025-01-28T07:00:55","guid":{"rendered":"https:\/\/www.scconline.com\/blog\/?p=339887"},"modified":"2025-01-28T18:08:26","modified_gmt":"2025-01-28T12:38:26","slug":"indias-leap-towards-an-era-of-privacy-meity-releases-draft-digital-personal-data-protection-dpdp-rules","status":"publish","type":"post","link":"https:\/\/www.scconline.com\/blog\/post\/2025\/01\/28\/indias-leap-towards-an-era-of-privacy-meity-releases-draft-digital-personal-data-protection-dpdp-rules\/","title":{"rendered":"India’s Leap Towards an Era of Privacy: MeitY Releases Draft Digital Personal Data Protection (DPDP) Rules"},"content":{"rendered":"
\n

I<\/span>n a significant development, the Ministry of Electronics and Information Technology (MeitY) has unveiled the Draft Digital Personal Data Protection Rules, 2025 (Draft Rules) marking a critical step forward after the enactment of the Digital Personal Data Protection Act, 2023<\/a>1<\/sup><\/a> (DPDP Act). Released 16 months after the DPDP Act<\/a>, these Draft Rules aim to provide much-needed clarity and operational guidance for its implementation. The DPDP Act<\/a> represents India’s first comprehensive data protection framework, safeguarding all categories of personal data compared to the earlier limited regime that focused solely on “sensitive personal data and information”. By introducing robust mechanisms for consent, notices, data principal rights, and breach notifications, the DPDP framework aligns India’s data protection standards with global benchmarks.<\/p>\n

The Draft Rules are characterised by simplicity and clarity in language, making them accessible to a wide audience. Below are the key highlights:<\/p>\n

(1) Form of notice<\/p>\n

The Draft Rules mandate that any notice issued to data principals by data fiduciaries must be independently understandable without reliance on additional information. This ensures transparency and comprehensibility, promoting trust and informed consent.<\/p>\n

(2) Consent managers<\/p>\n

The DPDP Act<\/a> has introduced the concept of consent managers. The Draft Rules now outline their eligibility criteria and obligations. A consent manager must be an entity incorporated in India with a minimum net worth of INR 2,00,00,000 (approximately USD 240,000). Additionally, they are required to demonstrate technical, financial, and operational capacity. The Draft Rules emphasise sound financial health and general character, though these requirements remain broadly defined. It will be clearer if specific quantifiable benchmarks are incorporated to eliminate ambiguity which will ensure uniform compliance.<\/p>\n

(3) Reasonable security safeguards<\/p>\n

The data fiduciaries and processors are obligated to implement reasonable security measures, such as encryption and obfuscation, to protect personal data. They must maintain visibility over data access through appropriate logs and monitoring mechanisms, enabling detection, investigation, remediation of unauthorised access, and measures to prevent recurrence.<\/p>\n

(4) Intimation of data breach<\/p>\n

The DPDP Act<\/a> mandates data breach notifications to data principals. The Draft Rules, however, lack differentiation among breaches based on severity, nature of data, or impact. Categorising breaches and introducing quantitative thresholds for notification would alleviate unnecessary burdens on the data fiduciary and save the data principals from constant intimations, while ensuring timely intimation of critical incidents.<\/p>\n

(5) Retention and erasure<\/p>\n

The Draft Rules introduce data retention timelines for specific fiduciary classes (for instance, an e-commerce entity having not less than 2 crore users in India is required to retain personal data for three years from the date which the data principal last approached them for the performance of the specified purpose or exercise of her rights, or the commencement of the Draft Rules whichever is latest) and require them to notify data principals 48 hours prior to data erasure if the specified purpose is unfulfilled or rights remain unexercised. However, it will be helpful if more clarity is provided on retention obligations for data fiduciaries not listed in the Third Schedule. Comprehensive guidance would aid in consistent adherence across sectors.<\/p>\n

(6) Verifiable consent for children’s data and person with disability<\/p>\n

The Draft Rules detail processes for obtaining verifiable parental consent when processing children’s personal data and personal data of person with disability. This includes validating parental identity and age through reliable documents or digital locker tokens. Notably, the Explanatory Statement to the Draft Rules, requires fiduciaries to confirm the parent-child relationship, a potentially onerous task. Further clarification on the extent of fiduciary diligence in such cases is imperative to avoid operational challenges. Additionally, the Draft Rules also now provide clarity on what constitutes a “person with disability” under the Rights of Persons with Disabilities Act, 2016<\/a>2<\/sup><\/a> and National Trust for Welfare of Persons with Autism, Cerebral Palsy, Mental Retardation and Multiple Disabilities Act, 1999<\/a>3<\/sup><\/a>.<\/p>\n

(7) Obligations of significant data fiduciaries<\/p>\n

The DPDP Act<\/a> had introduced the concept of significant data fiduciaries (SDFs) to be determined basis factors such as data volume, sensitivity, and potential risks to democracy and individual rights. While the Draft Rules state that SDFs must conduct annual audits and data protection impact assessments (DPIAs), they do not prescribe a format or manner of conducting such DPIAs. Further, while the DPDP Act<\/a> provides the factors for determination of an SDF, the Draft Rules do not shed any further clarity on the classification based on those factors. The classification will be helpful for determining whether particular operations\/businesses will be classified as an SDF or an entire entity (which could be in multiple businesses) will be classified as an SDF.<\/p>\n

(8) Rights of data principals<\/p>\n

The Draft Rules elaborate on the role of consent managers in enabling data principals to exercise their rights. They also specify the information consent managers must publish to facilitate the exercise of these rights, ensuring transparency and accessibility.<\/p>\n

Conclusion<\/h2>\n

India’s data protection journey is unfolding against the backdrop of a dynamic Asia-Pacific landscape, where countries like Vietnam and Indonesia are enacting robust data protection laws, and China is advancing regulations for emerging technologies like deepfakes. The DPDP Act<\/a> positions India as an active participant in the region, with potential to influence future governance of artificial intelligence and national cybersecurity. MeitY’s recent “Report on AI Governance Guidelines Development” highlights the DPDP Act<\/a>‘s foundational role in shaping cybersecurity frameworks. However, there are gaps that need to be addressed for an efficient implementation of the DPDP Act<\/a>. The Government may consider releasing “Frequently Asked Questions” as was done in case of directions issued by the Indian Computer Emergency Response Team. These will help in addressing aspects such as form and manner of DPIA, classification of SDFs, etc.<\/p>\n

From a business compliance perspective, implementation strategies should prioritise proactive measures such as:<\/p>\n

(i<\/span>) Conducting readiness assessments to align existing processes with the DPDP framework.<\/p>\n

(ii<\/span>) Investing in capacity-building for data protection officers and compliance teams.<\/p>\n

(iii<\/span>) Leveraging technological solutions like automated consent management and breach detection tools.<\/p>\n

(iv<\/span>) Conducting awareness and training sessions for employees and vendors.<\/p>\n

By adopting these measures, businesses can not only ensure compliance but also build consumer trust and strengthen their competitive edge in a privacy-conscious marketplace. The DPDP Act<\/a> and its Draft Rules, once finalised, promise to be transformative, setting a new benchmark for privacy governance in India.<\/p>\n<\/div>\n\n

*Partner, Khaitan & Co.<\/span><\/strong><\/p>\n

**Associate, Khaitan & Co.<\/span><\/strong><\/p>\n

1.<\/a> Digital Personal Data Protection Act, 2023<\/a>.<\/p>\n

2.<\/a> Rights of Persons with Disabilities Act, 2016<\/a>.<\/p>\n

3.<\/a> National Trust for Welfare of Persons with Autism, Cerebral Palsy, Mental Retardation and Multiple Disabilities Act, 1999<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

by Harsh Walia* and Vanshika Lal**<\/p>\n","protected":false},"author":8808,"featured_media":339937,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[20271,47404],"tags":[55628,77946,64751,64752,77945,77943,77942,77944,11171],"class_list":["post-339887","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-experts_corner","category-khaitan-co","tag-55628","tag-digital-data-protection","tag-digital-personal-data-protection-act","tag-dpdp-act","tag-dpdp-framework","tag-dpdp-rules","tag-draft-digital-personal-data-protection-rules-2025","tag-draft-rules","tag-privacy"],"yoast_head":"\nIndia's Leap Towards an Era of Privacy: MeitY Releases Draft Digital Personal Data Protection (DPDP) Rules | SCC Times<\/title>\n<meta name=\"description\" content=\"In a significant development, the Ministry of Electronics and Information Technology (MeitY) has unveiled the Draft Digital Personal Data\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.scconline.com\/blog\/post\/2025\/01\/28\/indias-leap-towards-an-era-of-privacy-meity-releases-draft-digital-personal-data-protection-dpdp-rules\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"India's Leap Towards an Era of Privacy: MeitY Releases Draft Digital Personal Data Protection (DPDP) Rules\" \/>\n<meta property=\"og:description\" content=\"In a significant development, the Ministry of Electronics and Information Technology (MeitY) has unveiled the Draft Digital Personal Data\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.scconline.com\/blog\/post\/2025\/01\/28\/indias-leap-towards-an-era-of-privacy-meity-releases-draft-digital-personal-data-protection-dpdp-rules\/\" \/>\n<meta property=\"og:site_name\" content=\"SCC Times\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/scc.online\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-01-28T07:00:55+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-01-28T12:38:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/01\/Draft-Digital-Personal-Data-Protection-Rules-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"886\" \/>\n\t<meta property=\"og:image:height\" content=\"590\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Bhumika Indulia\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"India's Leap Towards an Era of Privacy: MeitY Releases Draft Digital Personal Data Protection (DPDP) Rules\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Bhumika Indulia\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.scconline.com\/blog\/post\/2025\/01\/28\/indias-leap-towards-an-era-of-privacy-meity-releases-draft-digital-personal-data-protection-dpdp-rules\/\",\"url\":\"https:\/\/www.scconline.com\/blog\/post\/2025\/01\/28\/indias-leap-towards-an-era-of-privacy-meity-releases-draft-digital-personal-data-protection-dpdp-rules\/\",\"name\":\"India's Leap Towards an Era of Privacy: MeitY Releases Draft Digital Personal Data Protection (DPDP) Rules | SCC Times\",\"isPartOf\":{\"@id\":\"https:\/\/www.scconline.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.scconline.com\/blog\/post\/2025\/01\/28\/indias-leap-towards-an-era-of-privacy-meity-releases-draft-digital-personal-data-protection-dpdp-rules\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.scconline.com\/blog\/post\/2025\/01\/28\/indias-leap-towards-an-era-of-privacy-meity-releases-draft-digital-personal-data-protection-dpdp-rules\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/01\/Draft-Digital-Personal-Data-Protection-Rules-1.webp\",\"datePublished\":\"2025-01-28T07:00:55+00:00\",\"dateModified\":\"2025-01-28T12:38:26+00:00\",\"author\":{\"@id\":\"https:\/\/www.scconline.com\/blog\/#\/schema\/person\/919ec47cc1b871b362af05740398033a\"},\"description\":\"In a significant development, the Ministry of Electronics and Information Technology (MeitY) has unveiled the Draft Digital Personal Data\",\"breadcrumb\":{\"@id\":\"https:\/\/www.scconline.com\/blog\/post\/2025\/01\/28\/indias-leap-towards-an-era-of-privacy-meity-releases-draft-digital-personal-data-protection-dpdp-rules\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.scconline.com\/blog\/post\/2025\/01\/28\/indias-leap-towards-an-era-of-privacy-meity-releases-draft-digital-personal-data-protection-dpdp-rules\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.scconline.com\/blog\/post\/2025\/01\/28\/indias-leap-towards-an-era-of-privacy-meity-releases-draft-digital-personal-data-protection-dpdp-rules\/#primaryimage\",\"url\":\"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/01\/Draft-Digital-Personal-Data-Protection-Rules-1.webp\",\"contentUrl\":\"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/01\/Draft-Digital-Personal-Data-Protection-Rules-1.webp\",\"width\":886,\"height\":590,\"caption\":\"Draft Digital Personal Data Protection Rules\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.scconline.com\/blog\/post\/2025\/01\/28\/indias-leap-towards-an-era-of-privacy-meity-releases-draft-digital-personal-data-protection-dpdp-rules\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.scconline.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"India’s Leap Towards an Era of Privacy: MeitY Releases Draft Digital Personal Data Protection (DPDP) Rules\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.scconline.com\/blog\/#website\",\"url\":\"https:\/\/www.scconline.com\/blog\/\",\"name\":\"SCC Times\",\"description\":\"Bringing you the Best Analytical Legal News\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.scconline.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.scconline.com\/blog\/#\/schema\/person\/919ec47cc1b871b362af05740398033a\",\"name\":\"Bhumika Indulia\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.scconline.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2021\/04\/Me-150x150.jpg\",\"contentUrl\":\"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2021\/04\/Me-150x150.jpg\",\"caption\":\"Bhumika Indulia\"},\"url\":\"https:\/\/www.scconline.com\/blog\/post\/author\/editor_1\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"India's Leap Towards an Era of Privacy: MeitY Releases Draft Digital Personal Data Protection (DPDP) Rules | SCC Times","description":"In a significant development, the Ministry of Electronics and Information Technology (MeitY) has unveiled the Draft Digital Personal Data","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.scconline.com\/blog\/post\/2025\/01\/28\/indias-leap-towards-an-era-of-privacy-meity-releases-draft-digital-personal-data-protection-dpdp-rules\/","og_locale":"en_US","og_type":"article","og_title":"India's Leap Towards an Era of Privacy: MeitY Releases Draft Digital Personal Data Protection (DPDP) Rules","og_description":"In a significant development, the Ministry of Electronics and Information Technology (MeitY) has unveiled the Draft Digital Personal Data","og_url":"https:\/\/www.scconline.com\/blog\/post\/2025\/01\/28\/indias-leap-towards-an-era-of-privacy-meity-releases-draft-digital-personal-data-protection-dpdp-rules\/","og_site_name":"SCC Times","article_publisher":"https:\/\/www.facebook.com\/scc.online\/","article_published_time":"2025-01-28T07:00:55+00:00","article_modified_time":"2025-01-28T12:38:26+00:00","og_image":[{"width":886,"height":590,"url":"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/01\/Draft-Digital-Personal-Data-Protection-Rules-1.jpg","type":"image\/jpeg"}],"author":"Bhumika Indulia","twitter_card":"summary_large_image","twitter_title":"India's Leap Towards an Era of Privacy: MeitY Releases Draft Digital Personal Data Protection (DPDP) Rules","twitter_misc":{"Written by":"Bhumika Indulia","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.scconline.com\/blog\/post\/2025\/01\/28\/indias-leap-towards-an-era-of-privacy-meity-releases-draft-digital-personal-data-protection-dpdp-rules\/","url":"https:\/\/www.scconline.com\/blog\/post\/2025\/01\/28\/indias-leap-towards-an-era-of-privacy-meity-releases-draft-digital-personal-data-protection-dpdp-rules\/","name":"India's Leap Towards an Era of Privacy: MeitY Releases Draft Digital Personal Data Protection (DPDP) Rules | SCC Times","isPartOf":{"@id":"https:\/\/www.scconline.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.scconline.com\/blog\/post\/2025\/01\/28\/indias-leap-towards-an-era-of-privacy-meity-releases-draft-digital-personal-data-protection-dpdp-rules\/#primaryimage"},"image":{"@id":"https:\/\/www.scconline.com\/blog\/post\/2025\/01\/28\/indias-leap-towards-an-era-of-privacy-meity-releases-draft-digital-personal-data-protection-dpdp-rules\/#primaryimage"},"thumbnailUrl":"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/01\/Draft-Digital-Personal-Data-Protection-Rules-1.webp","datePublished":"2025-01-28T07:00:55+00:00","dateModified":"2025-01-28T12:38:26+00:00","author":{"@id":"https:\/\/www.scconline.com\/blog\/#\/schema\/person\/919ec47cc1b871b362af05740398033a"},"description":"In a significant development, the Ministry of Electronics and Information Technology (MeitY) has unveiled the Draft Digital Personal Data","breadcrumb":{"@id":"https:\/\/www.scconline.com\/blog\/post\/2025\/01\/28\/indias-leap-towards-an-era-of-privacy-meity-releases-draft-digital-personal-data-protection-dpdp-rules\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.scconline.com\/blog\/post\/2025\/01\/28\/indias-leap-towards-an-era-of-privacy-meity-releases-draft-digital-personal-data-protection-dpdp-rules\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.scconline.com\/blog\/post\/2025\/01\/28\/indias-leap-towards-an-era-of-privacy-meity-releases-draft-digital-personal-data-protection-dpdp-rules\/#primaryimage","url":"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/01\/Draft-Digital-Personal-Data-Protection-Rules-1.webp","contentUrl":"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/01\/Draft-Digital-Personal-Data-Protection-Rules-1.webp","width":886,"height":590,"caption":"Draft Digital Personal Data Protection Rules"},{"@type":"BreadcrumbList","@id":"https:\/\/www.scconline.com\/blog\/post\/2025\/01\/28\/indias-leap-towards-an-era-of-privacy-meity-releases-draft-digital-personal-data-protection-dpdp-rules\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.scconline.com\/blog\/"},{"@type":"ListItem","position":2,"name":"India’s Leap Towards an Era of Privacy: MeitY Releases Draft Digital Personal Data Protection (DPDP) Rules"}]},{"@type":"WebSite","@id":"https:\/\/www.scconline.com\/blog\/#website","url":"https:\/\/www.scconline.com\/blog\/","name":"SCC Times","description":"Bringing you the Best Analytical Legal News","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.scconline.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.scconline.com\/blog\/#\/schema\/person\/919ec47cc1b871b362af05740398033a","name":"Bhumika Indulia","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.scconline.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2021\/04\/Me-150x150.jpg","contentUrl":"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2021\/04\/Me-150x150.jpg","caption":"Bhumika Indulia"},"url":"https:\/\/www.scconline.com\/blog\/post\/author\/editor_1\/"}]}},"jetpack_featured_media_url":"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/01\/Draft-Digital-Personal-Data-Protection-Rules-1.webp","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":299820,"url":"https:\/\/www.scconline.com\/blog\/post\/2023\/08\/22\/indias-digital-personal-data-protection-act-2023-impact-on-hospitality-sector\/","url_meta":{"origin":339887,"position":0},"title":"India’s Digital Personal Data Protection Act, 2023 \u2014 Impact on Hospitality Sector","author":"Bhumika Indulia","date":"August 22, 2023","format":false,"excerpt":"by Supratim Chakraborty\u2020 and Himeli Chatterjee\u2020\u2020 Cite as: 2023 SCC OnLine Blog Exp 68","rel":"","context":"In "Experts Corner"","block_context":{"text":"Experts Corner","link":"https:\/\/www.scconline.com\/blog\/post\/category\/experts_corner\/"},"img":{"alt_text":"india digital personal data protection act 2023","src":"https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2023\/08\/india-digital-personal-data-protection-act-2023.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2023\/08\/india-digital-personal-data-protection-act-2023.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2023\/08\/india-digital-personal-data-protection-act-2023.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2023\/08\/india-digital-personal-data-protection-act-2023.webp?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":380677,"url":"https:\/\/www.scconline.com\/blog\/post\/2026\/04\/10\/consent-governance-dpdp-act-most-misread-obligation\/","url_meta":{"origin":339887,"position":1},"title":"Consent as Governance: Understanding DPDP’s Most Misread Obligation","author":"Editor","date":"April 10, 2026","format":false,"excerpt":"by Rohini Jadhao*","rel":"","context":"In "Op Eds"","block_context":{"text":"Op Eds","link":"https:\/\/www.scconline.com\/blog\/post\/category\/op-ed\/legal-analysis\/"},"img":{"alt_text":"DPDP Consent Governance India","src":"https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2026\/04\/DPDP-Consent-Governance-India.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2026\/04\/DPDP-Consent-Governance-India.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2026\/04\/DPDP-Consent-Governance-India.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2026\/04\/DPDP-Consent-Governance-India.webp?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":371058,"url":"https:\/\/www.scconline.com\/blog\/post\/2025\/12\/26\/digital-personal-data-protection-rules-2025-key-highlights\/","url_meta":{"origin":339887,"position":2},"title":"Digital Personal Data Protection (DPDP) Rules, 2025: Key Highlights of the Newly Notified Framework","author":"Editor","date":"December 26, 2025","format":false,"excerpt":"Ashish Deep Verma*","rel":"","context":"In "Op Eds"","block_context":{"text":"Op Eds","link":"https:\/\/www.scconline.com\/blog\/post\/category\/op-ed\/legal-analysis\/"},"img":{"alt_text":"Digital Personal Data Protection Rules 2025","src":"https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/12\/Digital-Personal-Data-Protection-Rules-2025.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/12\/Digital-Personal-Data-Protection-Rules-2025.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/12\/Digital-Personal-Data-Protection-Rules-2025.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/12\/Digital-Personal-Data-Protection-Rules-2025.webp?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":334827,"url":"https:\/\/www.scconline.com\/blog\/post\/2024\/11\/11\/digital-personal-data-protection-act-2023-employers-guide\/","url_meta":{"origin":339887,"position":3},"title":"Digital Personal Data Protection Act, 2023: A Ready Reckoner for Employers","author":"Bhumika Indulia","date":"November 11, 2024","format":false,"excerpt":"by Avik Biswas*, Supratim Chakraborty**, Sumantra Bose*** and Ivana Chatterjee****","rel":"","context":"In "Experts Corner"","block_context":{"text":"Experts Corner","link":"https:\/\/www.scconline.com\/blog\/post\/category\/experts_corner\/"},"img":{"alt_text":"DPDP Act employers guide","src":"https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2024\/11\/DPDP-Act-employers-guide.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2024\/11\/DPDP-Act-employers-guide.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2024\/11\/DPDP-Act-employers-guide.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2024\/11\/DPDP-Act-employers-guide.webp?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":313336,"url":"https:\/\/www.scconline.com\/blog\/post\/2024\/02\/07\/preparing-for-a-new-data-protection-regime\/","url_meta":{"origin":339887,"position":4},"title":"Preparing for a New Data Protection Regime","author":"Bhumika Indulia","date":"February 7, 2024","format":false,"excerpt":"by Sohini Banerjee\u2020 and Anmol Bharuka\u2020\u2020 Cite as: 2024 SCC OnLine Blog Exp 14","rel":"","context":"In "Experts Corner"","block_context":{"text":"Experts Corner","link":"https:\/\/www.scconline.com\/blog\/post\/category\/experts_corner\/"},"img":{"alt_text":"new data protection regime","src":"https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2024\/02\/new-data-protection-regime.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2024\/02\/new-data-protection-regime.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2024\/02\/new-data-protection-regime.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2024\/02\/new-data-protection-regime.webp?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":366711,"url":"https:\/\/www.scconline.com\/blog\/post\/2025\/11\/14\/meity-notified-digital-personal-data-protection-rules-2025\/","url_meta":{"origin":339887,"position":5},"title":"Your Complete Guide to Digital Personal Data Protection Rules, 2025","author":"Shubhi","date":"November 14, 2025","format":false,"excerpt":"Gov has notified the DPDP Rules to establish a robust framework for privacy, consent, security, and governance in India\u2019s digital ecosystem.","rel":"","context":"In "Legislation Updates"","block_context":{"text":"Legislation Updates","link":"https:\/\/www.scconline.com\/blog\/post\/category\/legislationupdates\/"},"img":{"alt_text":"Digital Personal Data Protection Rules 2025","src":"https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/11\/Digital-Personal-Data-Protection-Rules-2025.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/11\/Digital-Personal-Data-Protection-Rules-2025.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/11\/Digital-Personal-Data-Protection-Rules-2025.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.scconline.com\/blog\/wp-content\/uploads\/2025\/11\/Digital-Personal-Data-Protection-Rules-2025.webp?resize=700%2C400&ssl=1 2x"},"classes":[]}],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/posts\/339887","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/users\/8808"}],"replies":[{"embeddable":true,"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/comments?post=339887"}],"version-history":[{"count":0,"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/posts\/339887\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/media\/339937"}],"wp:attachment":[{"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/media?parent=339887"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/categories?post=339887"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/tags?post=339887"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}