Draft DPDP Rules 2025: A Deep Dive.
The Draft Rules for the Digital Personal Data Protection Act (DPDPA) 2023 provide the operational blueprint for organizations. Understanding these rules is critical for achieving day-zero compliance.
Consent Notice Specifics
The 2025 rules mandate that notices must be provided in 22 scheduled languages, detailing the purpose of collection and the contact info of the DPO.
Breach Notification
Organizations must notify the Data Protection Board (DPB) of any personal data breach within 72 hours of becoming aware of the incident.
Board Procedures
Guidelines on how the Data Protection Board will adjudicate complaints and the process for appealing penalties.
Key Compliance Milestones
1. Data Mapping & Inventory
Identify all personal data flows and classify them based on the new definitions of 'Significant Data Fiduciaries'.
2. Notice Refresh
Update all public-facing privacy notices to include mandatory disclosures required by the 2025 draft rules.
3. Consent Withdrawal Portals
Implement user-friendly mechanisms for Data Principals to withdraw consent as easily as they gave it.
4. Grievance Redressal
Establish a 24/7 grievance redressal mechanism with defined resolution timelines (likely 30 days).
Is your organization ready?
Our techno-legal experts can help you audit your systems against the 2025 Draft Rules today.
Book a Readiness Session