Get privacy insights in your inbox.

India

DPDPA

Digital Personal Data Protection Act

The Digital Personal Data Protection Act is India's comprehensive data privacy law enacted in 2023, governing the processing of digital personal data with an emphasis on consent, data fiduciary obligations, and the rights of data principals.

Source: IQWorks — iqworks.ai | Last updated: 2026-03-20

Effective

Aug 11, 2023

Jurisdiction

India

Max Penalty

INR 250 crore (approximately USD 30 million)

Enforced By

Data Protection Board of India

Who Does DPDPA Apply To?

Personal data collected in digital form or digitized after collection, processed within India or outside India if related to offering goods or services to individuals in India.

Key Requirements

Consent

Processing requires free, specific, informed, unconditional, and unambiguous consent indicated by a clear affirmative action. Notices must be in English or any of 22 scheduled Indian languages.

Significant Data Fiduciary

Government-designated SDFs must appoint a DPO based in India, conduct periodic DPIAs, and undergo independent audits.

Children's Data

Blanket prohibition on behavioral monitoring and targeted advertising directed at children. Verifiable parental consent required.

Data Breach Notification

Data fiduciaries must notify the Data Protection Board and affected data principals of personal data breaches.

Data Retention

Personal data must be erased once the purpose for collection is fulfilled and retention is no longer necessary, unless required by law.

Consent Notices

Must describe the personal data to be collected, the purpose of processing, and how data principals can exercise their rights. Available in 22+ Indian languages.

Individual Rights Under DPDPA

Right to access information about processing
Right to correction and erasure
Right to grievance redressal
Right to nominate another individual for post-death rights

Frequently Asked Questions

What is DPDPA?

The Digital Personal Data Protection Act is India's comprehensive data privacy law enacted in 2023, governing the processing of digital personal data with an emphasis on consent, data fiduciary obligations, and the rights of data principals.

What are the penalties for DPDPA non-compliance?

The maximum penalty under DPDPA is INR 250 crore (approximately USD 30 million). Enforcement is handled by Data Protection Board of India.

Who does DPDPA apply to?

Personal data collected in digital form or digitized after collection, processed within India or outside India if related to offering goods or services to individuals in India.

When did DPDPA take effect?

Digital Personal Data Protection Act was enacted in 2023 and became effective on August 11, 2023.

Compare DPDPA

DPDPA vs GDPR: A Comprehensive ComparisonDPDPA vs CCPA: India and California Privacy Laws ComparedDPDPA vs LGPD: India and Brazil Privacy Laws Compared

Compliance Guides

Complete Guide to DPDPA ComplianceDPDPA Compliance for Startups

Related Regulations

GDPR

European Union

CCPA/CPRA

California, United States

LGPD

Brazil

See also: DPDPA (Digital Personal Data Protection Act) in the glossary

Automate DPDPA Compliance

IQWorks helps organizations achieve and maintain DPDPA compliance with AI-powered automation.

Request Demo