15 November,2025 10:27 PM IST | New Delhi | mid-day online correspondent
Representational Image. File Pic
Industry experts on Saturday welcomed the government's latest move to notify rules under the Digital Personal Data Protection Act (DPDPA), 2023. This particular modification in the Data Prevention Act will formally help in operationalising India's first dedicated personal-data protection regime, news agency IANS reported.
The notification rolled out by the Ministry of Electronics and Information Technology (MeitY) stated, "Social media sites, online gateways, and any other organisations handling personal data are required to give users a detailed explanation of the information being gathered and to make it apparent how it will be used."
Ivana Bartoletti, Chief Privacy and AI Governance Officer of Wipro, said, "There is no doubt that India has entered a new era of privacy. In the age of AI, trust is crucial. And because AI depends on large volumes of data, strong privacy protections must come first. This development marks an important step in strengthening India's digital ecosystem and aligns closely with the country's recent AI governance guidelines."
According to IANS, the Chief Privacy and AI Governance Officer of Wipro further stated, "The new rules come with robust data governance -- anchored in clear responsibilities, defined structures, consent, and privacy by design."
"These will enable organisations to grow in a sustainable and accountable way as innovation accelerates and technology becomes ever more embedded in daily life," Bartoletti added while hailing the DPDPA Act 2023.
According to the regulations, users must have an easy way to revoke their consent or complain to the Data Protection Board (DPB) about infractions.
Consent managers, which are organisations authorised to act on behalf of users, have 12 months to register with the DPB. However, the companies will have up to 18 months to fulfil the administrative compliance requirements, IANS reported.
Apart from Ivana, one of the partners in TMT [Technology, Media and Telecommunications], Trilegal, Nikhil Narendran stated, "With the notification of the Rules and the Act, the government has finally put all uncertainty to rest."
"India Inc. now has an 18-month runway to gear up for full compliance. For most organisations, it will be necessary to start with data mapping, redesigns of consent and notice flows, and training programmes to ensure compliance, with the help of lawyers, technologists, and privacy professionals. The real focus will also be on the constitution of the new Data Protection Authority and how this regulator interprets these rules, prioritises enforcement, and how early guidance shapes India's digital industry," Narendran added.
Jaspreet Singh, Partner and Chief Revenue Officer, Grant Thornton Bharat, while highlighting that DPDPA Rules 2025 marks India's transition from policy intent to operational accountability and privacy, emphasised, "Compliance under DPDPA is not a checklist; it's a culture of trust every organisation must now institutionalise. The DPDPA era demands boardroom fluency in privacy governance; executives will now be measured by controls they can evidence, not promises they make."
(With inputs from IANS)
