DPDP Rules 2025
The Digital Personal Data Protection Rules, 2025 provide the operational framework for implementing the DPDP Act 2023. With 23 rules and 7 schedules, these rules detail compliance requirements for all organizations.
All 23 Rules Explained
Preliminary (Rules 1-3)
Rules come into force on publication in Official Gazette
Key terms including Consent Manager, itemised data, verifiable consent
Requirements for notice to Data Principals with itemised description of personal data
Obligations of Data Fiduciary (Rules 4-5)
Registration requirements, conditions, and obligations for Consent Managers
Standards for processing by State and instrumentalities for subsidies, benefits, services
Rights and Duties (Rules 6-8)
Reasonable security safeguards including encryption, access controls, monitoring
Intimation of personal data breach to Board and affected Data Principals
Time periods after which purpose is deemed no longer served
Special Provisions (Rules 9-12)
Person designated to answer questions about processing
Verifiable consent requirements for processing children's data
Verifiable consent for persons with disability having lawful guardian
Classes of Data Fiduciaries exempt from certain child data obligations
Data Protection Board (Rules 13-15)
Additional obligations including DPIA, periodic audits, DPO appointment
Procedures for exercising rights of access, correction, erasure
Requirements for transfer of personal data outside India
7 Schedules
Part A: Conditions of registration | Part B: Obligations
Standards for processing under Section 7 and Section 17(2)(b)
Class of Data Fiduciaries, Purposes, and Time periods
Part A: Classes exempt | Part B: Purposes exempt from Section 9(1) and 9(3)
Terms and conditions of service of Chairperson and Members
Terms of appointment and service of officers and employees
Purpose and Authorised person table for information requests
Strengthen Your Compliance Posture
Explore complementary certifications that work together to provide comprehensive security and compliance coverage.