ISpectra Technologies
Privacy · India Regulation

What is DPDP Act?

India’s Digital Personal Data Protection Act 2023 — the rules for how organisations handle the personal data of Indian residents.

Definition

The DPDP Act (Digital Personal Data Protection Act, 2023) is India’s data-protection law. It sets out how “data fiduciaries” may collect and process the personal data of “data principals” (individuals), built around consent, clear notice, purpose limitation and accountability.

It introduces obligations such as obtaining valid consent, honouring data-principal rights, reporting breaches and — for “significant data fiduciaries” — additional duties like appointing a Data Protection Officer and conducting audits.

Key DPDP obligations

1

Consent & notice

Clear, informed consent with an itemised notice.

2

Purpose limitation

Use data only for the stated purpose.

3

Data-principal rights

Access, correction, erasure and grievance redressal.

4

Breach notification

Report personal-data breaches to the Board.

5

Significant Data Fiduciaries

DPO, audits and impact assessments.

Who needs to comply?

Any organisation — in India or abroad — that processes the digital personal data of individuals in India in connection with offering goods or services.

How ISpectra helps

ISpectra prepares you for the DPDP Act — data mapping, consent and notice mechanisms, rights-handling workflows, breach response and (where applicable) significant-data-fiduciary obligations.

Talk to an advisor