India: Draft Digital Personal Data Protection Rules, 2025 released – open to public comments
Author: Debashree Mukherjee (PwC India)
The Government of India had introduced the Digital Personal Data Protection Act, 2023 (DPDP Act) in 2023 with the objective of regulating the processing of digital personal data, the rights and duties of individuals (Data Principal) and obligations of organisations (Data Fiduciaries) to use or process personal data.
On 3 January 2025, the Ministry of Electronics and Information Technology released the draft of the Digital Personal Data Protection Rules, 2025 (Draft Rules) under the DPDP Act, inviting feedback or comments from the public. The deadline to submit the comments is 18 February 2025.
The draft DPDP Rules address several important areas, such as:
- Registration of consent managers
- Notifications in case of data breaches
- Clarity on what constitutes verifiable parental consent
- Cross-border transfer of personal data
- Timelines for adhering to obligations of significant data fiduciaries
- Framework for the functioning of the Data Protection Board of India, etc.
We have compiled further information for you here: Draft Digital Personal Data Protection Rules – Regulatory Insights
It would be critical for you to start preparing for India compliance with DPDPA. We will be happy to support you in this.
