The Ministry of Electronics and Information Technology released the Draft Digital Personal Data Protection Rules, 2025 on January 3, 2025, inviting public feedback to refine India’s data protection framework under the DPDPA, 2023.
These rules provide detailed guidance on implementing core provisions of the Act—defining how organisations must collect, process, and protect personal data while upholding individual rights.
? What's Covered in the Draft DPDP Rules?
Consent Architecture: Structure and requirements for valid, informed consent
Children’s Data: Special obligations around age verification and parental approval
Consent Managers: Eligibility, duties, and registration process
Data Protection Board: Powers, functions, and procedure for inquiries
Notices & Disclosures: Mandatory elements in privacy notices
Security & Safeguards: Technical and organisational measures for data safety
Grievance Redressal: Complaint resolution procedures and timelines
? Why These Rules Matter
The Draft DPDP Rules are critical in operationalising India’s data privacy law. They offer much-needed clarity to organisations navigating compliance and help ensure responsible data handling that respects individual privacy.
Whether you’re a data fiduciary, data processor, or privacy professional, these rules set the direction for practical implementation of the DPDPA, 2023.
? Want to Know More About the Draft DPDPA Rules?
Visit our detailed breakdown covering all major provisions, compliance insights, and what to expect next in India’s data protection journey.
