The Digital Personal Data Protection Act (DPDPA) marks a major milestone in India’s digital governance framework. The act regulates how organisations collect, store, and process personal data.
Protect citizens’ data privacy
Establish rights of individuals over personal data
Impose accountability on data fiduciaries
Businesses must now adopt:
Data consent framework
Data retention policy
Secure storage & encryption
Grievance redressal mechanism
Blockquote: “The DPDPA is not just a technology regulation — it is a citizen-centric protection law ensuring dignity, autonomy and digital rights.”
| Violation | Penalty |
|---|---|
| Breach of personal data | Up to ₹250 crore |
| Failure to implement safeguards | Up to ₹200 crore |
Higher cybersecurity investment
Transparent data governance
Stronger user-data rights
Q1: Does the Act apply to start-ups?
Yes, with certain exemptions for low-risk personal data processing.
Q2: Will consent be required for marketing emails?
Yes, explicit and valid consent is mandatory.
Q3: Who regulates the Act?
The Data Protection Board of India.
Q4: Can individuals request data deletion?
Yes, under the “Right to Erasure”.
Q5: Does the Act apply to foreign companies?
Yes, if they process the data of Indian citizens.
