Central regulation
Digital Personal Data Protection Act Compliance
Definition
Every business processing digital personal data of Indian individuals must obtain notice-based consent, fulfill data principal rights, register a grievance officer, and report personal data breaches to the Data Protection Board within 72 hours.
- Source: Digital Personal Data Protection Act, 2023 + DPDP Rules, 2025 — Sections 5–11 (consent, rights, breach), meity.gov.in
What it means in practice
Digital Personal Data Protection Act compliance is administered by the Ministry of Electronics & IT (MeitY) / Data Protection Board. The obligation is grounded in the Digital Personal Data Protection Act, 2023 + DPDP Rules, 2025 (Sections 5–11: consent, rights, breach).
Significant Data Fiduciaries (notified by the Centre) face additional obligations: DPIA, audit, and DPO appointment. Children's data requires verifiable parental consent.
Triggers (applicability predicates)
These predicates are evaluated by Compliance Radar's applicability engine against a business profile to decide whether this rule applies.
processes_personal_data=true
Deadlines and penalty
Cadence: ongoing
Penalty for default: up to Rs 250 crore per instance under the Schedule (e.g. Rs 250 cr for breach of security safeguards, Rs 200 cr for failure of data fiduciary obligations).
Citations
- Source: Digital Personal Data Protection Act, 2023 + DPDP Rules, 2025 — Sections 5–11 (consent, rights, breach), meity.gov.in