DPDPA

Privacy Compliance for School and University Student Records: From Collection to Expunction

September 25, 2025

Introduction In an administrative framework, student records once served as an instrument in facilitating and ensuring institutional formalities. In contrast, they have now become a crucial part of institutional governance. Hence, their management and protection under the Digital Personal Data Protection Act (“DPDP Act”), 2023, as well as under the existing framework of the Information…

Building Audit-Ready Consent Systems for Healthcare

September 23, 2025

INTRODUCTION Consent in healthcare is no longer a matter of routine paperwork. It has become a statutory and governance obligation under India’s Digital Personal Data Protection Act, 2023 (“DPDP Act”), the National Digital Health Mission (“NDHM”), and the oversight of ethical guidelines in medical practice. Hospitals and clinics are data fiduciaries. They carry a direct…

Consent At Scale: How FinTechs Can Survive DPDP Act’s Per Transaction Requirement

August 8, 2025

Introduction The Digital Personal Data Protection Act (hereinafter referred to as the “DPDPA” or “the Act”) 2023, alters how India looks at data privacy and compliance frameworks. One of the most talked about provisions of the Act is per-transaction, or granular, consent, which requires that a user must provide explicit consent for each and every…

Are ‘Record of Processing Activities’ Mandatory for Indian Companies?

July 30, 2025

INTRODUCTION As data privacy regulations tighten across the globe, businesses are under growing pressure to keep clear, organized records of how they handle personal data. One such tool widely used internationally is the ‘Record of Processing Activities’, commonly referred to as ROPA. Mandated under the European Union’s (hereinafter referred to as “EU”) General Data Protection…