The Government of India has officially notified the Digital Personal Data Protection (DPDPA) Rules, 2025, operationalising the DPDPA Act, 2023 and laying out detailed compliance requirements for organisations processing personal data in India. The Rules introduce staggered implementation timelines, stricter notice and consent standards, mandatory breach reporting, clear retention and auto-erasure norms, stronger protections for children’s data, and a regulated framework for Consent Managers. They also impose enhanced responsibilities on Significant Data Fiduciaries, mandate security safeguards such as encryption and access controls, and establish a digital-first enforcement mechanism through the Data Protection Board, aiming to strengthen privacy rights and ensure accountable data governance across sectors.
