- The new rules will be implemented in a phased manner
- It is imperative to take proper measures to stop data leakage
- One year’s logs should be kept safe
The Central Government has issued the Digital Personal Data Protection (DPDP) Rules 2025. These new rules issued by the Union Ministry of Electronics and Information Technology are designed to implement the Digital Personal Data Protection Act 2023. Under the new rules Social mediaonline platforms and all such companies that handle users’ personal data will have to disclose what user data they are storing and how that data is being used. The central government has said that the new rules will be implemented in a phased manner. After the implementation of the new rules of DPDP, users in India will have more control over their data and their privacy will be protected.
X Update: Alan Mulk’s social media platform has a new encrypted chat feature! DMs replaced, users will get these facilities
Key Provisions of DPDP Rules 2025
According to the DPDP Rules 2025, a transparent rule will be issued on how government and private companies will store, process, save and manage users’ personal data. These regulations should include data security, companies’ responsibility for using data, and special safeguards for children’s data. (Photo Courtesy – Pinterest)
Strong protections for data trustees
According to the rules, it will be mandatory for every data trustee to take appropriate measures to prevent leakage of users’ data. For this they have to do personal data encryption, masking, obfuscation and tokenization. In addition, companies will have to implement stricter access controls to systems that store personal data. In addition, companies will have to create logging and monitoring systems to identify authorized data access.
Regular backup of data
Companies that store data are required to keep at least one year’s worth of logs. Along with this, security clauses must be mandatorily included in contracts made during data management or processing.
Information should be provided in case of data leakage
If a company leaks user data, then that company has to provide the relevant information to the users. Companies have to tell users what caused the data leak and what the consequences might be. Apart from this, companies have to provide information about the steps taken by the company for the safety of the users and what the users have to do for their safety. Companies will have to inform the Data Protection Board within 72 hours of a data leak.
An invitation for cybercriminals or negligence on the part of companies? Satellite links are vulnerable, easily leaking government and personal data
Strict rules for children’s data
Companies are required to obtain parental consent to process data of users under 18 years of age. The company will be obliged to obtain verification from a registered organization to identify the person giving permission to process the child’s data is the actual parent.
-
Kim Kardashian and Drake spark dating rumours after Italy
-
Woman Learns Husband Was Cheating From Text Message
-
The Pain Of Loneliness Ends For 3 Zodiac Signs After November 16, 2025
-
Need A Power Tool But Don’t Want To Buy It? Check Out Your Town’s Community Library
-
Disney and YouTube TV reach deal to end blackout
