Introduction Fintech compliance in India has offered a comforting assurance for many decades whereby if you checked the boxes and adhered to the guidelines, you were essentially safe. With audit trails, internal policies, and paperwork serving as the foundation of legal risk management, compliance was viewed as a technical Endeavour. However, a quiet but profound transformation…
Most Indian boards think they have NOW full 15 months and few days, as of now, to comply with DPDPA. If MeitY compresses the runway from original 18 months to 12, transition will become a nightmare. Three uncomfortable truths I am seeing in the field: You are suffering from “Bandwidth Bankruptcy.” If your DPDPA lead…
Year 2026 will be Foundation Year of Trust with Consent Management Framework in place. 1. Notice & Consent Basics Visual flow: Data Fiduciary sends Notice to Data Principal; Data Principal provides Consent back. 2. Purpose Register & Data Mapping Visual flow: Mapping Personal Data to Purpose for the Data Principal. 3. Processor/Vendor Controls (Part A…
𝐏𝐨𝐥𝐢𝐜𝐢𝐞𝐬 𝐝𝐨𝐧’𝐭 𝐞𝐧𝐬𝐮𝐫𝐞 𝐜𝐨𝐦𝐩𝐥𝐢𝐚𝐧𝐜𝐞. 𝐌𝐢𝐧𝐝𝐬𝐞𝐭𝐬 𝐝𝐨. 1. Accountability Data Fiduciary duty; demonstrate compliance 2. Purpose limitation Specified purpose; no incompatible processing 3. Data minimisation Only necessary personal data; reduce access 4. Notice to Data Principal Provide notice; clear, itemised information 5. Consent management Free, specific, informed; easy withdrawal 6. Data Principal rights Access; correction/erasure; nominate;…
We are after roughly one month and ten days into the DPDPA implementation countdown. Since, the notification dropped in November, 𝐈 𝐡𝐚𝐯𝐞 𝐰𝐚𝐭𝐜𝐡𝐞𝐝 𝐦𝐚𝐧𝐲 𝐨𝐫𝐠𝐚𝐧𝐢𝐳𝐚𝐭𝐢𝐨𝐧𝐬 𝐭𝐫𝐞𝐚𝐭 𝐭𝐡𝐢𝐬 𝐩𝐞𝐫𝐢𝐨𝐝 𝐚𝐬 𝐚 𝐯𝐚𝐜𝐚𝐭𝐢𝐨𝐧 𝐫𝐚𝐭𝐡𝐞𝐫 𝐭𝐡𝐚𝐧 𝐚 𝐬𝐩𝐫𝐢𝐧𝐭. 𝐋𝐞𝐭’𝐬 𝐛𝐞 𝐩𝐫𝐞𝐜𝐢𝐬𝐞 𝐚𝐛𝐨𝐮𝐭 𝐰𝐡𝐚𝐭 𝐭𝐡𝐢𝐬 𝐬𝐢𝐥𝐞𝐧𝐜𝐞 𝐜𝐨𝐬𝐭𝐬 𝐲𝐨𝐮. The 12 Months Milestone (November 2026): This isn’t a ‘soft launch.’…
Evidence Based Compliance: The New Currency Under DPDPA The Digital Personal Data Protection Act, 2023 marks a decisive turn in how organisations will be evaluated. The future standard is clear: Compliance will be judged by evidence, not paperwork. Policies, notices, and contracts matter but they no longer determine regulatory outcomes. What matters is the organisation’s…
13 November 2025 will be remembered as the day India crossed into a new digital era, a Privacy Singularity. For the first time, the rights of the Indian citizen are codified, actionable, and backed by statutory duties on every Data Fiduciary and Processor. This is bigger than compliance. It is a redistribution of digital power….
Introduction India’s new era of digital accountability has begun with the introduction of Digital Personal Data Protection Act, 2023 (hereinafter referred to as “DPDPA“) which is expected to be implemented in the near future. The legislation establishes a comprehensive framework on the collection, use, storage, and transfer of an individual’s personal data. For some organizations,…
The Paradigm Shatter: Understanding India’s Negative List Breakthrough Every major data protection framework from GDPR to China’s Cybersecurity Law operates on a restrictive foundation. Likewise, under the Digital Personal Data Protection Act,2023(DPDPA), the data of “Data Principal”( Subject Data in GDPR) cannot cross borders unless specific conditions are met. The European Union’s “adequacy decisions”…
INTRODUCTION Small and medium enterprises (hereinafter referred to as “SMEs”) put food on the table for most Indians. Think of a neighborhood Kirana store, a small eatery down the lane, an online apparel seller in the heart of Bengaluru, or even a local taxi service in Cochin. Individually, each of these may not seem like…
As legal professionals, we are often at the forefront of advising businesses on risk mitigation, compliance, and crisis management. The latest IBM Cost of a Data Breach Report 2025 has revealed alarming trends that demand immediate attention from organizations across industries. These findings are not just numbers, but they are a stark reminder of the…
INTRODUCTION As data privacy regulations tighten across the globe, businesses are under growing pressure to keep clear, organized records of how they handle personal data. One such tool widely used internationally is the ‘Record of Processing Activities’, commonly referred to as ROPA. Mandated under the European Union’s (hereinafter referred to as “EU”) General Data Protection…
Disclaimer & Confirmation
As per the rules of the Bar Council of India, law firms are not permitted to solicit work and advertise. By clicking on the “I AGREE” button below, user acknowledges the following:
However, the user is advised to confirm the veracity of the same from independent and expert sources.
