Quick Answer
The DPDP Act 2023 one-page summary covers the essentials: it applies to all processors of digital personal data of Indian citizens, requires valid consent or legitimate use as lawful basis, mandates a Grievance Officer, and imposes penalties from ₹10 crore to ₹250 crore for violations. Enforcement is expected from May 2027 after DPDP Rules are finalised. This summary is designed for board briefings and executive awareness sessions.
Quick AnswerDPDP Act 2023 is India's comprehensive data protection law. It establishes individual rights over personal data, requires explicit consent for data processing, and creates a Data Protection Board to enforce compliance.
DPDP Compliance Checklist
- Who it covers: All entities processing personal data of individuals in India
- What is personal data: Any data that identifies an individual — name, email, phone, IP address, device ID
- Consent requirement: Explicit, informed, specific, and unambiguous consent required
- Individual rights: Access, correction, erasure, grievance redressal, nomination, consent withdrawal
- Data fiduciary obligations: Security safeguards, breach notification, grievance officer, purpose limitation
- Data processor obligations: Process only per fiduciary instructions, implement security, support breach notification
- Significant Data Fiduciary (SDF): DPO appointment, annual DPIA, annual data audit
- Breach notification: Notify Data Protection Board and affected individuals without undue delay
- Penalties: ₹10,000 to ₹250 crore depending on violation severity
- Regulator: Data Protection Board of India — complaints, investigations, penalties
Download Full Compliance Guide (Free)
Get the complete sector-specific checklist, risk areas, and 30-day action plan — delivered to your inbox.
Frequently Asked Questions
When must organisations comply with DPDP?+
Enforcement begins after the Data Protection Board is constituted. Organisations should implement compliance now — the May 2027 enforcement deadline is approaching.
Does DPDP apply to foreign companies?+
Yes. Any entity processing personal data of Indian residents — regardless of where the company is located — must comply with DPDP Act 2023.
Where can I read the full DPDP Act 2023?+
The full text is available at: https://www.meity.gov.in/writereaddata/files/Digital%20Personal%20Data%20Protection%20Act%202023.pdf