 "dpdp act india, india data protection rules, bundled consent india, user data privacy india, digital consent management, meity data rules, data fiduciaries india, india internet privacy law")
The notification of the Digital Personal Data Protection (DPDP) Rules last week gives the DPDP Act operational clarity in defining how consent is to be taken, breaches reported, minors’ data protected, and on how cross-border data flows. Entities guilty of breaches could face penalties of up to ~250 crore. There is an 18-month runway to full compliance by May 2027. The framework offers privacy-by-design, minimises data retention, and enforces accountability in line with constitutional protections for digital personal data (DPD).
The Right to Information Act, 2005, has required amendment to align itself with the DPDP Act.
