Table of Contents
Learn about the new draft Digital Personal Data Protection Rules, 2025, released by the IT Ministry, and how they enforce data protection principles in India.
Key Provisions of the Draft Rules
The draft Digital Personal Data Protection Rules, 2025, outline the guidelines for implementing the Digital Personal Data Protection Act, 2023. These rules provide a framework for data fiduciaries, detailing how they should protect user data and ensure informed consent during collection.
The Role of Consent Managers
The draft rules also introduce the concept of consent managers, who assist data fiduciaries in gathering user consent in a specified format. Government agencies and other instrumentalities can collect data for providing subsidies and benefits, while data collected for statistical purposes is exempt from these rules.
Personal Data Protection rules and Impact Assessments
The rules mandate that data fiduciaries must implement reasonable security safeguards to prevent breaches. In case of a data breach, the Data Protection Board of India must be notified within 72 hours. Significant data fiduciaries are also required to conduct periodic Data Protection Impact Assessments and audits.