What is DPDP Act?
India’s Digital Personal Data Protection Act 2023 — the rules for how organisations handle the personal data of Indian residents.
Definition
The DPDP Act (Digital Personal Data Protection Act, 2023) is India’s data-protection law. It sets out how “data fiduciaries” may collect and process the personal data of “data principals” (individuals), built around consent, clear notice, purpose limitation and accountability.
It introduces obligations such as obtaining valid consent, honouring data-principal rights, reporting breaches and — for “significant data fiduciaries” — additional duties like appointing a Data Protection Officer and conducting audits.
Key DPDP obligations
Consent & notice
Clear, informed consent with an itemised notice.
Purpose limitation
Use data only for the stated purpose.
Data-principal rights
Access, correction, erasure and grievance redressal.
Breach notification
Report personal-data breaches to the Board.
Significant Data Fiduciaries
DPO, audits and impact assessments.
Who needs to comply?
Any organisation — in India or abroad — that processes the digital personal data of individuals in India in connection with offering goods or services.
How ISpectra helps
ISpectra prepares you for the DPDP Act — data mapping, consent and notice mechanisms, rights-handling workflows, breach response and (where applicable) significant-data-fiduciary obligations.
Talk to an advisor