ARTICLE
22 December 2025

Digital Personal Data Protection Act 2025

IL
IndiaLaw LLP

Contributor

IndiaLaw LLP logo

Founded by Managing Partner K.P. Sreejith, INDIALAW began as a small firm in Mumbai with a commitment to client service and corporate-focused legal solutions. From its modest beginnings, the firm has grown into a respected name by prioritizing excellence, integrity, and tailored legal strategies. INDIALAW’s team believes in adapting to each client’s unique needs, ensuring that solutions align with individual circumstances and business goals.

The firm combines its deep understanding of the local business landscape with experience across multiple jurisdictions, enabling clients to navigate complex legal environments effectively. INDIALAW emphasizes proactive service, anticipating client needs and potential challenges to provide timely, high-quality legal support. The firm values lasting client relationships and sees its role as a trusted advisor, dedicated to delivering business-friendly and principled legal counsel.

Explore Firm Details
The DPDP act rules were notified on 13th Nov. DPD Act governs how organizations collect, use, store, and process personal data of individuals ("Data Principals") in India.
India Privacy
IndiaLaw LLP
IndiaLaw LLP are most popular:
  • within Privacy, Compliance and Immigration topic(s)
  • with readers working within the Law Firm industries

The DPDP act rules were notified on 13th Nov. DPD Act governs how organizations collect, use, store, and process personal data of individuals (“Data Principals”) in India.

DPDPA Implementation Timeline

Quick Reference Guide

Effective: November 13, 2025 (Notification Date)

  • Data Protection Board of India established
  • Board composition, qualifications & governance framework
  • Rule-making powers activated
  • No compliance obligations for organizations yet

PHASE 2: Consent Manager Ecosystem

  • Consent Manager registration operational
  • Technical & operational framework for consent management
  • Optional for Data Fiduciaries
  • Single point of contact for consent lifecycle

PHASE 3: Full Compliance & Enforcement

  • All consent & notice requirements enforceable
  • Security safeguards & breach notification mandatory
  • Children's data protection requirements active
  • Significant Data Fiduciary obligations active
  • Grievance redressal requirements active
  • Data Principal rights enforceable (access, correction, erasure)
  • Cross-border transfer restrictions enforced

Want to know more, drop an email to with subject line “DPDP Awareness” and we will be pleased to host an awareness session for you with your management / stakeholders.

In terms of timelines for most of the provisions Govt gave 18 months lead time:

  1. provisions relating to Data Protection Board will be in effect from November 13, 2025
  2. provisions on Consent Manager will come into effect from Nov 13, 2026 (one year lead time
  3. All other provisions will come into effect from May 13, 2027 (18 months lead time)

Penalties (per instance)

Violation Penalty
Failure to take reasonable security safeguard to protect 250 Cr
Failure to give notice upon breach of personal
data		 200 Cr
Breach in obligations owed to children 200 Cr
Breach of obligations of Significant Data
Fiduciaries		 150 Cr
Breach of consent obligations 50 Cr
Breach of any other provision 50 Cr

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]
Authors
Person photo placeholder
IndiaLaw LLP
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More