DPDP rules to build trustworthy, future-ready digital environment for India

New Delhi, Nov 17 The recent notification of Rules under the Digital Personal Data Protection Act (DPDPA), 2023, marks an important step in building a trustworthy and future-ready digital environment for the country, the government said on Monday.

The rules were notified on November 14, leading to the full operationalisation of the DPDP Act. Together, the Act and the Rules form a clear and citizen-centred framework for the responsible use of digital personal data.

“The Act and the Rules bring clarity to how personal data must be handled, strengthen the rights of individuals, and create firm responsibilities for organisations. The framework is practical in design and backed by wide public consultation, which makes it both inclusive and responsive to real needs,” said the government in an official statement.

“It supports the growth of India’s digital economy while ensuring that privacy remains central to its progress. With these measures now in place, India moves towards a safer, more transparent, and innovation-friendly data ecosystem that serves citizens and strengthens public confidence in digital governance,” it added.

As per the notification rolled out by the Ministry of Electronics and Information Technology (MeitY), social media sites, online gateways, and any other organisations handling personal data are required to give users a detailed explanation of the information being gathered and to make it apparent how it will be used.

Rights and protections for citizens under the Act include the right to give or refuse consent to the use of their personal data; the right to know how data is used; the right to access personal data; the right to correct, update, and erase personal data; and the right to nominate another person to exercise their data rights on their behalf.

If a breach takes place, citizens must be informed at the earliest. The message must explain what happened and what steps they can take. This helps people act quickly to reduce harm.

Special protection is provided for children and persons with disabilities.

The DPDP Act also imposes substantial financial penalties for non-compliance by Data Fiduciaries -- an entity that decides why and how personal data is processed, either alone or with others.

“The highest penalty up to Rs 250 crore applies to failure of a Data Fiduciary to maintain reasonable security safeguards. Not notifying the Board or affected individuals of a personal data breach, as well as violations of obligations relating to children, can each attract penalties of up to Rs 200 crore. Any other violation of the Act or Rules by a Data Fiduciary may attract penalties up to Rs 50 crore,” the statement said.

Disclaimer: This post has been auto-published from an agency feed without any modifications to the text and has not been reviewed by an editor