Digital Personal Data Protection (DPDP) Rules 2025: Latest Updates
The Government of India has officially notified the Digital Personal Data Protection (DPDP) Rules 2025, completing the implementation of the DPDP Act 2023. This notification comes eight years after the Supreme Court’s landmark K.S. Puttaswamy (2017) judgment that recognised privacy as a fundamental right.
Key Features of the DPDP Act and Rules 2025
- Citizen-Centric Legal Architecture: SARAL (Simple, Accessible, Rational, and Actionable) design ensures easy comprehension through plain language and illustrations.
- Rights and Duties: Data Principals (citizens) have rights to consent, correction, erasure, and grievance redressal. Data Fiduciaries (entities) must ensure lawful processing, data security, and breach reporting.
Phased Implementation Timeline
- Immediate Provisions: DPBI operationalised with four members, headquartered in New Delhi. Amendment to the RTI Act 2005 takes effect, restricting disclosure of personal information.
- Delayed Provisions (12-18 months): Informed consent requirements, purpose limitation, mandatory breach notification to users, appointment of Data Protection Officers (DPOs), launch of Consent Manager Framework (Nov 2026), full compliance for large tech companies by May 2027.
Stay Updated with Latest Current Affairs
Get daily current affairs delivered to your inbox. Never miss
important updates for your UPSC preparation!
Kutos : AI Assistant!
