The Central Government has published the Draft of rules proposed to be made in exercise of the powers conferred by sub-sections (1) and (2) of section 40 of the Digital Personal Data Protection Act, 2023 (22 of 2023), on or after the date of coming into force of the Act.
The Government has sought feedback from the public, up to 18th February 2025.
The rules, inter alia, elaborate on the following:
The key ingredients the Data Fiduciary is required to incorporate in the Notice to the Data Principal
The obligations of the Consent Manager and the consequences of not adhering to the conditions and obligations as set out in the Rules
Security safeguards to be taken by the Data Fiduciary for the personal data in its possession or under its control
Steps to be taken on becoming aware of any personal data breach of the Data Principal
Steps to be taken by the Data Fiduciary specified in the Third Schedule
Steps for obtaining verifiable consent of child or person with disability
Rights of the Data Principals
The process of transferring personal data processed by a Data Fiduciary to any country or territory outside India
The classes of the Data Fiduciaries to whom the provisions of sub-sections (1) and (3) of section 9 do not apply
The Constitution and the terms and conditions of the Data Protection Board and its Chairman and the Members
Terms and conditions of appointment and service of officers and employees of Board
The Rules were much awaited. In anticipation of the same, a lot of corporate entities have already embraced key protocols and procedures. It is only the first draft of the Rules, which is now open for discussion.
Some key definitions in the Digital Personal Data Protection Act, 2023 (DPDPA) are:
1. Data Fiduciary:
Data Fiduciary refers to any person, company, or entity that determines the purpose and means of processing personal data. Under the DPDPA, Data Fiduciaries bear the primary responsibility for ensuring that personal data is processed lawfully, fairly, and transparently.
2. Data Principal:
Data Principals, who are also referred to as data subjects or users, are those individuals whose personal information is collected and processed by an organization known as the “data fiduciary”.
3. Consent Manager:
A Consent Manager acts as a single point of contact for the data principal to give, manage, review, and withdraw her consent through an accessible, transparent, and interoperable platform.