India’s New Data Privacy Law: Understanding The DPDP Act

• Title

India’s new data privacy law: understanding the DPDP Act

• Abstract –

The DPDP Act, 2023, an Indian law, provides a framework for protecting digital data. The main issue with the DPDP act was resolved around the implementation challenges, ambiguity in cross-border data transfer, and lack of specificity of the technical security standard.  The DPDP Act signifies a major shift to individual -centric data protection in India.

• Introduction-

The DPDP Act,2023, is associated with DPDP rules 2025, which apply to the processing of digital personal data within the territory of India. If the DPDP were introduced in India to create a comprehensive framework for protecting citizens’ digital personal data, addressing rising privacy concerns from massive digital growth, and balancing individual rights with the need for data processing for law enforcement purposes. It is important to build trust in the digital economy by mandating transparency and consent, holding organisations accountable for data breaches, and balancing data protection with innovation by allowing controlled cross-border data flow.

• Main body-

Legal framework- the legal provisions of the DPDP Act 2023-

Data principle rights– individuals can view, correct, and erase their data

Penalties-  Upto 250 Crore  for non-compliance 

Data protection board- An independent body to oversee compliance 

• Judicial interpretation- 

Justice K. S. Puttaswamy v. Union of India – Supreme Court established that the right to privacy is a fundamental right under Article 21 

Shreya Singhal v. Union of India– while dealing with freedom of speech, this case influenced intermediary liability frameworks, which relate to data fiduciaries, obligations under the DPDP Act.

A. Babu Ram v. CBSE – Highlights obligations of data fiduciaries (like CBSE to protect personal law.

Critical analysis- 

The challenges of the DPDP Act were-

Compliance burden- costs and resources needed for the current management, audit logs, for SMEs.

Technological gaps- Insufficient specific rules for AI, big data, and a lot and decenteralized processing.

Low digital literacy– General lack of awareness among Indian users about their rights.

Recent development– In 2025 ( DPDP rules 2025 were notified, giving full effect to the Act and detailing implementation, alongside related changes like amendments to the RTI  Act to align privacy with transparency. RTI Act alignment was amended to balance transparency with personal data privacy.

Conclusion – The DPDP Act 2023 was a comprehensive framework.to India’s foundational law for digital data, covering all digital personal data processing within India. This act established the Data Protection Board of India. It creates a robust legal framework for safeguarding. Indian individuals’ digital personal data, while striking a balance between the necessity of data processing for websites