Meet ComplAIIntelligence: Your AI-powered teammate for risk & complianceLearn more
All framework guides

Help Center · Framework guide

Digital Personal Data Protection Act, 2023

India DPDP · Privacy · India · v2023 + Rules 2025

PrivacyIndiaDPDPData Fiduciary

Overview

India’s Digital Personal Data Protection Act sets obligations for processing digital personal data, consent, and fiduciary duties.

26 controls available in ComplAI for this framework.

Who it's for

  • Data fiduciaries operating in or serving India
  • Indian SaaS and digital businesses
  • Privacy teams aligning to DPDP rules

Why it matters

DPDP is central to India’s privacy regime. Early control mapping prepares you for rules, notices, and fiduciary accountability.

Consent and noticePurpose limitationSecurity safeguardsRights and grievance redressal

How ComplAI helps

  • Activate India DPDP in the Framework Library to load its control catalog
  • Assign owners, track compliance status, and attach evidence per control
  • Use risk register and issues workflows when controls fail or deviate
  • Export readiness views for leadership and auditors

Sample controls

  • Sec. 4

    Lawful purpose and processing grounds

    data protection
  • Sec. 5

    Notice to Data Principal

    data protection
  • Sec. 6

    Valid consent

    data protection
  • Sec. 6(4)

    Consent withdrawal

    data protection
  • Sec. 7

    Certain legitimate uses

    data protection
  • Sec. 8(1)

    Data Fiduciary accountability

    governance

Getting started

  1. Open Framework Library and activate India DPDP
  2. Review the control list and prioritize high-impact domains
  3. Attach policies, procedures, and technical evidence
  4. Mark controls audit-ready and monitor residual gaps