New Delhi: Nasscom-Data Security Council of India (DSCI) on Friday said the government’s notification of the Digital Personal Data Protection (DPDP) Rules 2025 marks a significant milestone in India’s ongoing journey to strengthen its personal data protection architecture. With the rules now in force, the industry has a clearer and more actionable roadmap, it added.
“We commend the Ministry of Electronics and Information Technology for adopting a constructive, consultative approach throughout the drafting process. The final Rules largely preserve the structure and policy choices of the draft framework, while introducing a transparent and predictable phased commencement schedule,” said Nasscom-DSCI.
Key enhancements include greater clarity on verifiable consent with a definition embedded in the Rules, alongside well-structured, distinct provisions for children and persons with disabilities.
Add Zee News as a Preferred Source
The sections addressing processing by the State remain broadly consistent with the draft, with refined drafting that improves readability without altering the underlying intent.
“At the same time, it is important to recognize that certain matters raised by industry during consultation arise from the architecture of the Act itself and could not realistically be addressed through subordinate legislation,” said Nasscom-DSCI.
These include the overarching structure of parental consent, the statutory age threshold for children and the requirement that all personal data breaches be notified. Our focus now moves to supporting implementation in a manner that is practical, proportionate and aligned with the objectives of the law.
On international data transfers, Nasscom-DSCI said it recognizes the importance of developing mechanisms that support interoperability and facilitate co-operation with India’s key trading partners.
The government on Friday notified the rules for the Digital Personal Data Protection (DPDP) Act, formally operationalising India’s first digital privacy law and setting the compliance clock ticking for companies handling user data.
Social media sites, online gateways, and any other organizations handling personal data are required by the new framework to give users a detailed explanation of the information being gathered and to make it apparent how it will be used.
-
I'm A Celebrity's highest-paid campmates including one star's £1,500,000 fee
-
Clothes dry twice as fast with one device - not heated air dryers
-
Strictly Come Dancing star emotional as he reveals mum's heartbreaking diagnosis
-
Easy Ways to Use Rosemary Oil for Faster Hair Growth
-
Neena Singh's art as a journey toward inner freedom
