India’s passage of its new Digital Personal Data Protection Act (DPDP) extends privacy rights to 881 million more internet users, posing a sheer volume challenge to global companies’ data compliance. The law, which creates a new regulator, is relatively relaxed about transfers of personal data and foregoes a few common privacy obligations for companies, though strongly emphasizes consent. This article breaks down the DPDP’s business-friendly, strict and unclear aspects, sharing insights from experts at DLA Piper, Epiq, Husch Blackwell, Osano and Wilmer Hale. See our three-part series on data localization: “Laws Spread and Enforcement Rises” (Nov. 3, 2021), “New Compliance Headaches and Costs Across the Globe” (Nov. 10, 2021), and “Cybersecurity Challenges Abound” (Nov. 17, 2021).