India’s DPDP Act, legislated in 2023, presents a comprehensive framework for personal data protection, defining the responsibilities of data fiduciaries and processors while enhancing the rights of data principals. This legislation marks a significant shift in how digital personal data is handled, extending its reach to any business processing such data within or for customers residing in India. The Act’s strict compliance requirements and hefty penalties for violations—up to INR 250 crores per violation—underscore the importance of adhering to these new norms.
