IN · Framework
DPDP — Digital Personal Data Protection Act
The DPDP Act governs the processing of digital personal data in India, balancing the right of individuals to protect their data with lawful processing needs.
What it is
The DPDP Act governs the processing of digital personal data in India, balancing the right of individuals to protect their data with lawful processing needs.
India · Enacted 2023; rules notified November 2025
Who it binds
Data Fiduciaries that determine the purpose and means of processing digital personal data of individuals in India.
Key obligations
- A lawful basis, usually consent, for processing
- Purpose limitation and data minimisation
- Reasonable security safeguards and breach notification
- Data-principal rights, with heightened duties for Significant Data Fiduciaries
How CCI addresses it
Data-governance mapping and CySSURANCE translate DPDP safeguards into measurable technical controls and evidence.
Official source
Act No. 22 of 2023
https://www.meity.gov.in/static/uploads/2024/06/2bf1f0e9f04e6fb4f8fef35e82c42aa5.pdf
The linked text is the authoritative legal or standards source. CCI maps to it; it is not a CCI publication.