Evidence Based Compliance: The New Currency Under DPDPA
The Digital Personal Data Protection Act, 2023 marks a decisive turn in how organisations will be evaluated. The future standard is clear: Compliance will be judged by evidence, not paperwork. Policies, notices, and contracts matter, but they no longer determine regulatory outcomes. What matters is the organisation’s…
OLD: Consent is a static checkbox exercise, sufficient for legal ‘satisfaction’. VIBE: Consent is a provable, real-time user journey, where every interaction is logged as irrefutable evidence of informed choice and ongoing intent. OLD: Compliance is an IT department’s operational burden, handled by technical staff. VIBE: Compliance is a C-Suite imperative, where proactive logging of…
When I look back at the last three decades of regulatory transitions in India, from excise to GST implementation, from IT Act amendments to sectoral cybersecurity standards, one lesson has remained unchanged: Those who wait for the deadline always lose the advantage. Not legally, but operationally. The DPDPA is no different. On paper, the…
DPDP Rules Notified – Immediate Actions
- 2025-11-19
The Digital Personal Data Protection Rules, 2025 were notified in the Gazette on 13 November 2025 (G.S.R. 846(E)). Some provisions are already in force, while the core compliance obligations kick in over the next 12–18 months: Rules 1, 2 and 17–21 apply from publication; Rule 4 (Consent Managers’ registration) starts one year after publication; Rules…
Introduction FinTech apps make money movement feel effortless, but the moment you sign up they start collecting a lot of personal and financial details. This can include your phone number, bank information, ID proofs, transaction history and even how you use your device. All of this sits behind the smooth buttons and screens you tap…
Shadow AI vs. Proactive AI: The Invisible Data Privacy Crisis Hiding in Your Organization
- 2025-10-29
Most of your employees are using unauthorized AI tools right now. Are you the 67% of organizations with zero visibility? Your Organisation The global AI narrative is fractured. On one side, boards celebrate approved innovation. On the other, an unmanaged crisis of Shadow AI is silently exposing proprietary data and attracting fierce regulatory scrutiny. The…
Introduction In today’s digital economy, cross-border data transfers are a key part of global trade. For Indian businesses, this is a day-to-day operational reality, but it is also a trigger for multifaceted challenges because of the range of disparate and often conflicting data protection laws in different countries. The disequilibrium of legal regulations is not…
Introduction India’s new era of digital accountability has begun with the introduction of the Digital Personal Data Protection Act, 2023 (hereinafter referred to as “DPDPA”), which is expected to be implemented in the near future. The legislation establishes a comprehensive framework on the collection, use, storage, and transfer of an individual’s personal data. For some organizations,…
Privacy Compliance for School and University Student Records: From Collection to Expunction
- 2025-09-25
Introduction In an administrative framework, student records once served as an instrument in facilitating and ensuring institutional formalities. In contrast, they have now become a crucial part of institutional governance. Hence, their management and protection under the Digital Personal Data Protection Act (“DPDP Act”), 2023, as well as under the existing framework of the Information…
INTRODUCTION Consent in healthcare is no longer a matter of routine paperwork. It has become a statutory and governance obligation under India’s Digital Personal Data Protection Act, 2023 (“DPDP Act”), the National Digital Health Mission (“NDHM”), and the oversight of ethical guidelines in medical practice. Hospitals and clinics are data fiduciaries. They carry a direct…
Introduction The Digital Personal Data Protection Act, 2023 (hereinafter referred to as the “DPDPA” or “the Act”) alters how India looks at data privacy and compliance frameworks. One of the most talked about provisions of the Act is per-transaction, or granular, consent, which requires that a user must provide explicit consent for each and every…
INTRODUCTION As data privacy regulations tighten across the globe, businesses are under growing pressure to keep clear, organized records of how they handle personal data. One such tool widely used internationally is the ‘Record of Processing Activities’, commonly referred to as ROPA. Mandated under the European Union’s (hereinafter referred to as “EU”) General Data Protection…
Data Privacy Automation
- 2024-04-10
A Guide to Data Protection Impact Assessment
- 2023-09-13
Data Protection Laws – Where India Stands?
- 2023-08-27
