India’s Digital Personal Data Protection Rules, 2025 Notified

Ankita Sabharwal
3 hours ago
2 min read

India has officially released the Digital Personal Data Protection (DPDP) Rules and constituted the Data Protection Board of India on November 14, 2025, marking the full operational rollout of the country’s new privacy regime.

These developments now make compliance mandatory for every organization handling personal data of Indian citizens, irrespective of whether the company is based in India or abroad.

This applies broadly to companies that:• Serve Indian customers or users• Employ or contract individuals in India• Operate support centres or offshore teams in India• Transfer or process India-linked personal data through global systems

Key Compliance Requirements

Clear, plain-language consent and purpose-specific notices
Strict breach notification obligations to affected individuals
Verifiable parental consent for children’s data
Enforceable rights to access, correction, erasure, and nomination
Enhanced compliance for Significant Data Fiduciaries (audits, DPIAs, tech due diligence).

Penalties for non-compliance

The Act introduces one of the strongest enforcement models in the region.Non-compliance can attract financial penalties up to ₹250 crore ( Approx USD 28 million) for violations, depending on nature, severity, duration, and impact.

Penalties may apply for:• Failure to implement security safeguards• Failure to report data breaches• Breach of children’s data requirements• Non-fulfilment of data principal rights• Violations of purpose limitation or consent obligations• Failure to comply with Data Protection Board directions

Startups and smaller entities benefit from graded penalties, but all global businesses remain within the Board’s jurisdiction if they process Indian personal data. Most provisions have been implemented with immediate effect, and the remaining measures will be rolled out according to a strict schedule, with key milestones at 12 months and full completion within 18 months.

Our Capability

We are a well-equipped and experienced data privacy team, already assisting global businesses in preparing for DPDP compliance.Our expertise covers:

End-to-end compliance programmes
Policy & notice drafting
Data flow mapping and cross-border assessments
Vendor and processor contract updates
Implementation guidelines for global privacy teams
Legal advisory
Training for legal, HR, tech, and leadership groups

We would be pleased to support your organisation or your clients in navigating India’s DPDP compliance timeline. The Rules can be accessed here.

Please feel free to reach out to our Head of Data Privacy, Ms. Ankita Sabharwal on ankita@iprattorneys.com for any assistance you may require in this regard.