What is DPDPA and why is it important?

The Digital Personal Data Protection Act (DPDPA) is India's comprehensive data protection law that governs how organizations collect, store, and process personal data. Non-compliance can result in penalties up to ₹250 crores.

How does DataDefend help with DPDPA compliance?

DataDefend automates the entire DPDPA compliance journey with AI-powered consent management, data discovery, privacy impact assessments, DSAR automation, and real-time compliance monitoring.

Is there a free plan available?

Yes! DataDefend offers a free Starter plan with 3,000 consent collections per month, basic cookie consent, and DPDP-compliant consent artifacts-forever free.

DataDefend top 6 compliance platform. Book a free demo

Compliance Deadline: May 13, 2027

The Complete Guide to the
DPDP Act 2023 & Rules 2025

A comprehensive, chapter-by-chapter breakdown of India's Digital Personal Data Protection Act, mapped with implementation timelines and compliance obligations.

Get Compliance Roadmap Official PDFs

Structure of the DPDPA 2023

The Act is organized into 9 distinct chapters and one schedule detailing financial penalties. Here is what every organization must know.

Chapter 1

Preliminary (Sections 1-3)

Covers the short title, commencement, key definitions (like Data Fiduciary, Data Principal, Personal Data), and the territorial application of the Act.

Chapter 2

Obligations of Data Fiduciary (Sections 4-10)

Details the grounds for processing, providing notice, obtaining verifiable consent, processing children's data, and additional obligations for Significant Data Fiduciaries.

Chapter 3

Rights and Duties of Data Principal (Sections 11-15)

Outlines the user's right to access, correction, erasure, grievance redressal, right to nominate, and the statutory duties they must follow.

Chapter 4

Special Provisions (Sections 16-17)

Governs the processing of personal data outside India (cross-border transfers) and lists specific exemptions for state agencies, research, and legal compliance.

Chapter 5

Data Protection Board of India (Sections 18-26)

Mandates the establishment of the DPB, detailing the composition, qualifications, proceedings, and powers of the Chairperson and its members.

Chapter 6

Powers, Functions and Procedure (Sections 27-28)

Defines the powers and functions of the Board, including how it conducts inquiries and the procedures it must follow.

Chapter 7

Appeal and Alternate Dispute Resolution (Sections 29-32)

Establishes the process for appeals to the Appellate Tribunal (TDSAT) and mechanisms for voluntary undertakings and alternate dispute resolution.

Chapter 8

Penalties and Adjudication (Sections 33-34)

Specifies the penalties for non-compliance and directs that sums realized by way of penalties be credited to the Consolidated Fund of India.

Chapter 9

Miscellaneous (Sections 35-44)

Covers protection of action taken in good faith, consistency with other laws, power of the Central Government to make rules, and amendments to other Acts.

The Schedule

Penalties for Breaches

A detailed matrix of financial penalties ranging up to â‚¹250 crore for various breaches, including failure to take reasonable security safeguards.

Ready for DPDP Compliance?

DataDefend helps you automate consent, DSARs, data discovery, and breach response. Keep your focus on business while our AI agents handle the compliance.

Schedule Demo Explore Platform

DataDefend top 6 compliance platform. Book a free demo

Compliance Deadline: May 13, 2027

The Complete Guide to the
DPDP Act 2023 & Rules 2025

A comprehensive, chapter-by-chapter breakdown of India's Digital Personal Data Protection Act, mapped with implementation timelines and compliance obligations.

Get Compliance Roadmap Official PDFs

Structure of the DPDPA 2023

The Act is organized into 9 distinct chapters and one schedule detailing financial penalties. Here is what every organization must know.

Chapter 1

Preliminary (Sections 1-3)

Covers the short title, commencement, key definitions (like Data Fiduciary, Data Principal, Personal Data), and the territorial application of the Act.

Chapter 2

Obligations of Data Fiduciary (Sections 4-10)

Details the grounds for processing, providing notice, obtaining verifiable consent, processing children's data, and additional obligations for Significant Data Fiduciaries.

Chapter 3

Rights and Duties of Data Principal (Sections 11-15)

Outlines the user's right to access, correction, erasure, grievance redressal, right to nominate, and the statutory duties they must follow.

Chapter 4

Special Provisions (Sections 16-17)

Governs the processing of personal data outside India (cross-border transfers) and lists specific exemptions for state agencies, research, and legal compliance.

Chapter 5

Data Protection Board of India (Sections 18-26)

Mandates the establishment of the DPB, detailing the composition, qualifications, proceedings, and powers of the Chairperson and its members.

Chapter 6

Powers, Functions and Procedure (Sections 27-28)

Defines the powers and functions of the Board, including how it conducts inquiries and the procedures it must follow.

Chapter 7

Appeal and Alternate Dispute Resolution (Sections 29-32)

Establishes the process for appeals to the Appellate Tribunal (TDSAT) and mechanisms for voluntary undertakings and alternate dispute resolution.

Chapter 8

Penalties and Adjudication (Sections 33-34)

Specifies the penalties for non-compliance and directs that sums realized by way of penalties be credited to the Consolidated Fund of India.

Chapter 9

Miscellaneous (Sections 35-44)

Covers protection of action taken in good faith, consistency with other laws, power of the Central Government to make rules, and amendments to other Acts.

The Schedule

Penalties for Breaches

A detailed matrix of financial penalties ranging up to â‚¹250 crore for various breaches, including failure to take reasonable security safeguards.

Ready for DPDP Compliance?

DataDefend helps you automate consent, DSARs, data discovery, and breach response. Keep your focus on business while our AI agents handle the compliance.

Schedule Demo Explore Platform

The Complete Guide to the DPDP Act 2023 & Rules 2025

Structure of the DPDPA 2023

Preliminary (Sections 1-3)

Obligations of Data Fiduciary (Sections 4-10)

Rights and Duties of Data Principal (Sections 11-15)

Special Provisions (Sections 16-17)

Data Protection Board of India (Sections 18-26)

Powers, Functions and Procedure (Sections 27-28)

Appeal and Alternate Dispute Resolution (Sections 29-32)

Penalties and Adjudication (Sections 33-34)

Miscellaneous (Sections 35-44)

Penalties for Breaches

Ready for DPDP Compliance?

The Complete Guide to the DPDP Act 2023 & Rules 2025

Structure of the DPDPA 2023

Preliminary (Sections 1-3)

Obligations of Data Fiduciary (Sections 4-10)

Rights and Duties of Data Principal (Sections 11-15)

Special Provisions (Sections 16-17)

Data Protection Board of India (Sections 18-26)

Powers, Functions and Procedure (Sections 27-28)

Appeal and Alternate Dispute Resolution (Sections 29-32)

Penalties and Adjudication (Sections 33-34)

Miscellaneous (Sections 35-44)

Penalties for Breaches

Ready for DPDP Compliance?

The Complete Guide to the
DPDP Act 2023 & Rules 2025

The Complete Guide to the
DPDP Act 2023 & Rules 2025