The Complete Guide to India's DPDP Act 2023

India's Digital Personal Data Protection Act 2023 is the country's first comprehensive data privacy legislation. This guide breaks down all 44 sections across 8 chapters in plain English, with compliance checklists, penalty amounts up to ₹250 Crore, and practical examples for every section.

Chapters Overview

• Chapter 1: Preliminary (Sections 1-3) — Scope, definitions, and applicability
• Chapter 2: Obligations of Data Fiduciary (Sections 4-10) — Consent, notice, security, children's data
• Chapter 3: Rights and Duties of Data Principal (Sections 11-16) — Access, correction, erasure, grievance redressal
• Chapter 4: Special Provisions (Section 17) — Exemptions for security, research, startups
• Chapter 5: Data Protection Board (Sections 18-26) — Regulatory authority establishment
• Chapter 6: Penalties and Remedies (Sections 27-33) — Penalties up to ₹250 Crore
• Chapter 7: Appeal and ADR (Sections 34-35) — Appeals to TDSAT and mediation
• Chapter 8: Miscellaneous (Sections 36-44) — Government powers, overriding effect

Key Penalties Under DPDP Act 2023

Implementation Timeline

• August 2023: Act passed by Parliament
• January 2025: DPDP Rules 2025 notified
• November 2025: Data Protection Board established
• November 2026: Consent Manager registration opens
• May 2027: Full compliance enforcement begins

Frequently Asked Questions

What is the DPDP Act 2023?

The Digital Personal Data Protection Act 2023 is India's first comprehensive data protection law, establishing rights for individuals and obligations for organizations processing personal data in digital form.

Who does the DPDP Act apply to?

It applies to all organizations processing digital personal data within India and to those processing data of Indian individuals from outside India when offering goods/services.

What are the maximum penalties?

The highest penalty is ₹250 Crore for failure to implement reasonable security safeguards leading to a data breach.