Chat with us
Section 6 & Rule 4

Consent Management

Consent is the cornerstone of the DPDP Act. Understanding consent requirements and leveraging Consent Managers is essential for lawful data processing.

What Constitutes Valid Consent?

Free

Consent must be given freely without coercion or undue influence

Specific

Consent must be specific to the purpose for which data is processed

Informed

Data Principal must be fully informed about processing activities

Unconditional

Consent cannot be bundled with other services as a condition

Unambiguous

Clear affirmative action indicating agreement is required

Consent Manager (Rule 4)

A Consent Manager is a registered entity that enables Data Principals to give, manage, review, and withdraw consent through an accessible, transparent, and interoperable platform.

Register with the Data Protection Board of India
Maintain technical capability for interoperability
Provide accessible and transparent consent management
Enable Data Principals to give, manage, review, and withdraw consent
Maintain accurate records of all consents
Act only on instructions of Data Principal
Not have any conflict of interest
Provide consent audit trail when requested

Registration Requirements

Entity Requirements

Company incorporated in India
Net worth of at least ₹2 crore
No criminal convictions for directors

Technical Requirements

Interoperable platform
Secure consent storage
User-friendly interface
Audit trail capability

Operational Requirements

24/7 availability
Grievance redressal mechanism
Data protection measures
Regular compliance audits

Withdrawal of Consent

Data Principals have the right to withdraw consent at any time with the same ease as giving consent.

  • Must be as easy as giving consent
  • Takes effect from time of withdrawal
  • Does not affect prior processing

Upon withdrawal, Data Fiduciaries must:

  • Stop processing immediately
  • Erase personal data within specified time
  • Ensure processors also erase data

Need Consent Management Solutions?

TCSA helps implement robust consent management frameworks compliant with DPDP Act.

Related Certifications

Strengthen Your Compliance Posture

Explore complementary certifications that work together to provide comprehensive security and compliance coverage.

Complementary

ISO 27701

International privacy standard. Demonstrates global privacy best practices beyond DPDP.

Learn More
Foundation

ISO 27001

Information security foundation. DPDP compliance is easier with strong ISMS in place.

Learn More