• |

Mar. 25, 2026

India Releases Rules for Its Digital Personal Data Protection Act

  • Mark Coakley
    Cybersecurity Law Report
To operationalize the 2023 Digital Personal Data Protection Act (DPDPA), India’s first comprehensive data protection law, India’s Ministry of Electronics and Information Technology issued the law’s first set of regulations in November 2025 (Rules) and announced the effective dates for additional rules still to come. The Rules detail requirements on consent and notice, breach reporting, special protections for vulnerable groups (including children and persons with disabilities), cross‑border data transfers, and the structure and authority of the Data Protection Board of India, which adjudicates disputes over alleged misuse of personal data. This article unpacks the DPDPA as well as the Rules, and includes practical compliance guidance for companies as discussed by experts during a TrustArc panel. See “Update on Digital Governance in India and China” (May 21, 2025).

To read the full article

Continue reading your article with a CSLR subscription.

Most-Read Articles

Trailblazing Women – Contributions, Achievements and Observations of Outstanding Leaders

To mark International Women’s Day, Law Report Group editors, along with our colleagues across ION Analytics’ products, interviewed outstanding women in the industries and jurisdictions we cover. In this article, Jill Abitbol, Robin Barton, Rorie Norton and Megan Zwiebel profile notable women in the data privacy, cybersecurity, AI, private funds and anti-corruption law fields, including (i) Paula Howell Anderson, (ii) Gwendolyn Lee Hassan, (iii) Audrey Koh, (iv) Stacy Feuer, (v) Heather Egan, (vi) Jeewon Serrato, (vii) Stephanie Breslow, (viii) Anne Choe, (ix) Heather Wyckoff, (x) Angie Batterson, (xi) Jacqueline Eaves, and (xii) C. Dabney O’Riordan.

Enjoy reading their inspiring remarks here.