The DPDP Rules clarify consent, breach reporting, minors’ data safeguards and cross-border flows, giving entities time to comply by May 2027
Privacy-by-design, limited retention, and strong accountability requirements anchor the framework in constitutional protection for personal data
RTI amendments and a digital-first Data Protection Board signal a shift toward structured oversight of how personal data is managed
Stricter norms for significant data fiduciaries and rigorous standards for consent managers aim to ensure secure, transparent data practices
Clear notices, easy consent withdrawal, and robust safeguards for minors and users with disabilities reshape compliance across major platforms
Mandatory breach alerts, risk controls, and flexible cross-border rules enhance protection, though wide government exemptions remain a concern