DPDP Act 2023
Get ready for India's DPDP Act, with full compliance due by 13 May 2027.
DPDP Gap Analysis
Against the Act and the 2025 Rules
SDF Data Audit
Independent audit for Significant Data Fiduciaries
Consent & Breach
Consent architecture and breach readiness
India Privacy Advisors
DPDP specialists
What it is
India's Digital Personal Data Protection Act 2023 and the DPDP Rules (notified 13 November 2025) form the country's comprehensive personal-data law. They mandate lawful consent, breach notification, data-principal rights, security safeguards and heightened duties for Significant Data Fiduciaries.
Who must comply
Every Data Fiduciary processing digital personal data of individuals in India, plus certain offshore processing targeting India. Significant Data Fiduciaries face DPIAs, annual audits, a DPO and an independent data auditor.
How IntelligenceX helps
Frequently Asked Questions
Core obligations (consent, security, breach, rights, retention) take effect around 13 May 2027, eighteen months after the November 2025 Rules. Consent Manager registration opens around 13 November 2026. Start now; building this machinery takes 12-18 months.
DPDP is leaner and consent-driven, with no legitimate-interest basis, no default localisation, flat rupee penalty caps instead of revenue percentages, and DPO requirements only for Significant Data Fiduciaries. GDPR compliance helps but does not equal DPDP.
It is a strong head start but not sufficient. DPDP is consent-driven with no legitimate-interest basis, different breach and children's-data rules and rupee-denominated penalties, so we run a focused delta assessment and close the India-specific gaps.