India's Most Comprehensive DPDPA Resource
Understand the Digital Personal Data Protection Act 2023 and DPDP Rules 2025 in plain English. Check your compliance readiness, explore every section, calculate penalties, and track enforcement dates — all free.
Four free tools to get you ready
Built for legal, security, product and engineering teams operating in India.
Section Explorer
Browse all 44 sections in plain English with applicability filters.
Compliance Checklist
Answer 30 questions and get your readiness score instantly.
Penalty Calculator
Select a violation and see the exact penalty you're exposed to.
Timeline Tracker
Every key date from enactment to full enforcement.
What is DPDPA?
The Digital Personal Data Protection Act (DPDPA), 2023 is India's first comprehensive law governing how organisations collect, store, process, and share personal data of individuals (called Data Principals). Enacted in August 2023 and supplemented by the DPDP Rules, 2025 published by MeitY, it applies to any entity — Indian or foreign — that processes digital personal data of people in India.
Think of it as India's answer to the EU's GDPR — but with its own distinct structure, consent-first philosophy, and a phased enforcement timeline.
Consent-driven
No 'legitimate interest' catch-all. Consent is the primary legal basis for processing.
Extraterritorial
Foreign companies processing Indian citizens' data are fully covered by the Act.
₹250 Cr penalties
Per-violation maximums — not turnover-based like GDPR. The same cap applies regardless of company size.
Latest update
DPDP Rules, 2025 notified by MeitY on November 14, 2025. Full enforcement of remaining obligations expected May 14, 2027.