DPDP insights, in plain English.
Practical, citation-backed guidance on India's Digital Personal Data Protection Act, 2023 and the DPDP Rules, 2025 — written for the teams who have to implement them. Browse by topic below.
DPDP for Healthcare and Healthtech: Consent, Sensitive Data and Sector Rules
How the DPDP Act applies to patient data: why there is no separate "sensitive data" tier, how medical-emergency processing works, and how sector rules interact.
DPDP Compliance for SaaS Companies and Startups in India
Are you a Data Fiduciary or a Processor? How DPDP applies to B2B SaaS — DPAs with sub-processors, consent for product analytics, and handling customer data.
DPDP Compliance for D2C and E-commerce Brands in India
Consent at signup and checkout, unbundled marketing consent, the age-determination problem for OTP signups, and tracking consent — DPDP for D2C and e-commerce.
Children's Data Under the DPDP Act: Verifiable Parental Consent Explained
The under-18 rule, verifiable parental consent (§9, Rule 10), the ban on tracking and targeted ads to children, and the practical age-verification challenge.
Personal Data Breach Reporting Under the DPDP Rules: What and When to Report
DPDP requires notifying the Data Protection Board and affected individuals of every breach. The 72-hour Board report (Rule 7) and a practical reporting playbook.
DPDP Cookie Consent: What Indian Websites Actually Need to Do
The DPDP Act doesn't mention cookies — but its consent rules govern tracking. What a compliant banner looks like, the under-18 limits, and the common mistakes.
What Is a Grievance Officer Under the DPDP Act — and Does Your Company Need One?
Every fiduciary needs a published grievance contact and a redressal mechanism (§8(9), §13), resolved within 90 days — and only SDFs need a DPO. Here is the difference.
Data Principal Rights Under DPDP: Access, Correction, Erasure and Grievance
The four DPDP rights — access (§11), correction and erasure (§12), and grievance (§13) — what each obliges you to build, and how request workflows should run.
Consent Management Platform vs Consent Manager: What's the Difference Under DPDP?
A CMP is software a fiduciary deploys; a Consent Manager is a Board-registered intermediary (Rule 4, First Schedule). Which one your business actually needs.
A Founder's Guide to the DPDP Act Compliance Timeline
The Act passed in 2023, the Rules were notified in Nov 2025, and substantive obligations commence 13 May 2027. What the phased timeline means and what to do now.
DPDP Act 2023: What Banks and NBFCs Need to Know
India's DPDP Act creates specific obligations for BFSI entities processing customer financial data. Here's what banks, NBFCs, and insurance companies need to do — and by when.
DPDP vs GDPR: A Practical Comparison for Indian CTOs
Many Indian tech companies have GDPR-compliant processes. Here's exactly what's different under India's DPDP Act — and what you need to add, remove, or change.
Not sure where you stand on DPDP?
Map your organisation against all 15 obligation areas in about 12 minutes — no login, instant results.