Govt notifies DPDP Act operationalising India’s first digital privacy law
The Union Government has notified rules for the Digital Personal Data Protection (DPDP) Act, operationalising India’s first digital privacy law.
With the new rules coming into play, social media and internet intermediaries, and any other companies that deal in user data, must provide data principals, or users, with an itemised description of their personal data to obtain their consent and specify the purpose for which their data will be used.
As per the DPDP Act, the new rules give companies and other stakeholders up to 18 months to comply with the administrative guidelines under the Act. Consent managers have up to 12 months to register to act on behalf of users.
The new rules also classify digital intermediaries based on the nature of the service provided by them and have set separate timelines by which these platforms must delete the user’s personal data unless its retention is necessary for compliance with any law for the time being in force.
Companies must also allow users to easily withdraw their consent for the processing of personal data or file a complaint with the Data Protection Board if they believe the platform has violated their rights.
To act as a consent manager, a company registered in India must apply to the Data Protection Board (DPB) and fulfill the conditions as notified by the DPB from time to time.
Further, a consent manager must fulfill all its obligations at all times; if it fails to do so, the DPB may suspend the registration of the company or person concerned.
The DPB will operate entirely digitally and will be based in New Delhi. It will have four members, including a chairperson.
In the event of a data breach, the data fiduciary shall notify the data principal, or user, as well as the DPB, of the breach within 72 hours of becoming aware of it.
The data fiduciary shall give the user a description of the breach, including its nature, extent and timing, the consequences of the breach, the measures being implemented to mitigate the risk, and the safety measures the user should take to protect themselves, the rules said.
SOURCE: THE STATESMAN


