The DPDPA received Presidential assent on August 11, 2023, and will be implemented once notified by the Indian Government. Once effective, it will serve as the primary statute governing the protection and processing of digital personal data in India. The DPDPA will be the central legislation regulating the processing of digital personal data in India. Before its enactment, India’s data protection framework consisted of:
- The Information Technology Act, 2000 (IT Act)
- The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules)
- Various sectoral regulations under banking, telecom, insurance, and consumer protection laws
The DPDPA emphasizes accountability, consent, and data minimization, while addressing cross-border data transfers. You can review the full text of the DPDPA here.
By adhering to the DPDPA, we ensure the protection of personal data and comply with both legal and ethical standards, building trust with our stakeholders.