India’s Digital Privacy Law Now Operational with DPDP Rules 2025
The government has formally notified the Digital Personal Data Protection (DPDP) Rules 2025, marking a significant milestone in India’s data protection journey and setting compliance deadlines for companies handling user data.
Key Takeaways
- DPDP Rules 2025 provide clearer compliance roadmap for industry
- Enhanced clarity on verifiable consent and provisions for children
- Phased implementation schedule offers predictable transition
Nasscom-Data Security Council of India (DSCI) commended the Ministry of Electronics and Information Technology for its consultative approach, noting that the final rules preserve the draft framework’s structure while introducing a transparent phased commencement schedule.
Key Enhancements and Industry Perspective
The rules bring greater clarity on verifiable consent with embedded definitions and well-structured provisions for children and persons with disabilities. State processing sections remain consistent with improved readability.
“We commend the Ministry of Electronics and Information Technology for adopting a constructive, consultative approach throughout the drafting process. The final Rules largely preserve the structure and policy choices of the draft framework, while introducing a transparent and predictable phased commencement schedule,” said Nasscom-DSCI.
However, the industry body noted that some concerns raised during consultations stem from the Act’s architecture itself and couldn’t be addressed through subordinate legislation.
“At the same time, it is important to recognise that certain matters raised by industry during consultation arise from the architecture of the Act itself and could not realistically be addressed through subordinate legislation,” said Nasscom-DSCI.
Implementation Focus and Global Cooperation
Key implementation challenges include parental consent structures, statutory age thresholds for children, and mandatory breach notifications. The focus now shifts to practical, proportionate implementation aligned with the law’s objectives.
On international data transfers, Nasscom-DSCI emphasized developing interoperability mechanisms to facilitate cooperation with India’s key trading partners.
The new framework requires social media platforms, online gateways, and all organizations handling personal data to provide users with detailed explanations of information collection and usage purposes.
