IT Ministry Releases Draft Digital Personal Data Protection Rules-2025

Personal data protection rules

Learn about the new draft Digital Personal Data Protection Rules, 2025, released by the IT Ministry, and how they enforce data protection principles in India.

Key Provisions of the Draft Rules

The draft Digital Personal Data Protection Rules, 2025, outline the guidelines for implementing the Digital Personal Data Protection Act, 2023. These rules provide a framework for data fiduciaries, detailing how they should protect user data and ensure informed consent during collection.

The draft rules also introduce the concept of consent managers, who assist data fiduciaries in gathering user consent in a specified format. Government agencies and other instrumentalities can collect data for providing subsidies and benefits, while data collected for statistical purposes is exempt from these rules.

Personal Data Protection rules and Impact Assessments

The rules mandate that data fiduciaries must implement reasonable security safeguards to prevent breaches. In case of a data breach, the Data Protection Board of India must be notified within 72 hours. Significant data fiduciaries are also required to conduct periodic Data Protection Impact Assessments and audits.

Scroll to Top