15.11.2025
Digital Personal Data Protection Act (DPDP Act) 2023: Overview and Status
Context
Passed in August 2023 following the Puttaswamy judgment recognizing privacy as a fundamental right, the DPDP Act is being operationalized in phases, with draft Rules (2025) and full implementation expected by 2026–27.
Key Concepts and Provisions
- Governs all forms of digital personal data, including biometric, financial, health, and genetic information.
- Defines Data Fiduciaries (entities handling data) and Data Principals (individuals).
- Requires lawful processing, explicit consent, strong security, breach notification, and deletion of unnecessary data.
- Imposes stricter obligations on Significant Data Fiduciaries.
- Sets data retention limits, generally up to three years after last interaction.
Enforcement and Penalties
- A four-member Data Protection Board of India (DPBI) oversees complaints and enforcement.
- Penalties may run into hundreds of crores, depending on the violation.
- Firms must appoint Data Protection Officers by Nov 2026; full compliance is expected by May 2027.
- Mandatory breach notifications and yearly Data Protection Impact Assessments (DPIAs).
Criticism and Controversies
- Broad government exemptions for security, law enforcement, and public interest raise fears of unchecked data access.
- An amendment to the RTI Act’s Section 8(1)(j) removes the “public interest” test, potentially reducing transparency and enabling misuse.
Current Status and Way Forward
- DPDP Rules 2025 are being rolled out; DPBI is expected to function soon.
- Organizations must overhaul consent, storage, and data-handling practices.
- Ongoing reviews will aim to balance privacy with legitimate state access.
Conclusion
The DPDP Act strengthens India’s digital privacy framework through phased compliance and stricter safeguards. However, broad government exemptions and reduced transparency require vigilant oversight to ensure privacy protection without undermining democratic accountability.