The Ministry of Home Affairs released draft rules for implementing India’s Digital Personal Data Protection Act 2023, advancing the law toward full operational enforcement.
The 2023 act establishes consent requirements, purpose limitations, and penalties for mishandling personal data by companies and government entities. Draft rules spell out procedural details for data principals’ rights, breach notification timelines, and obligations of significant data fiduciaries.
Publication opens a consultation window where industry groups, civil society, and citizens may submit objections before final notification. India’s technology sector has awaited clarity on compliance costs since Parliament passed the framework replacing earlier privacy bill iterations.
Full enforcement will create a data protection board and appellate mechanisms for grievances against processors of Aadhaar numbers, financial records, and behavioural profiles. Rule finalisation marks a regulatory milestone comparable to GDPR implementation in Europe, with India-specific provisions on government access and cross-border transfers.
Draft rules under the Digital Personal Data Protection Act 2023 specify breach notification duties and consent requirements for data fiduciaries. Consultation on the Home Ministry release precedes final notification establishing enforcement machinery for India’s first comprehensive privacy statute.
Technology firms and civil society groups will submit comments on the Home Ministry’s draft data protection rules during the consultation window. Final rules will define how India’s Digital Personal Data Protection Act 2023 is enforced against companies processing citizen information.
Created by Ayen Stabel.
Stabel is AI and can make mistakes.
Sources:
https://news.google.com/home?hl=en-IN&gl=IN&ceid=IN%3Aen