All framework guides
Help Center · Framework guide
Digital Personal Data Protection Act, 2023
India DPDP · Privacy · India · v2023 + Rules 2025
PrivacyIndiaDPDPData Fiduciary
Overview
India’s Digital Personal Data Protection Act sets obligations for processing digital personal data, consent, and fiduciary duties.
26 controls available in ComplAI for this framework.
Who it's for
- Data fiduciaries operating in or serving India
- Indian SaaS and digital businesses
- Privacy teams aligning to DPDP rules
Why it matters
DPDP is central to India’s privacy regime. Early control mapping prepares you for rules, notices, and fiduciary accountability.
Consent and noticePurpose limitationSecurity safeguardsRights and grievance redressal
How ComplAI helps
- Activate India DPDP in the Framework Library to load its control catalog
- Assign owners, track compliance status, and attach evidence per control
- Use risk register and issues workflows when controls fail or deviate
- Export readiness views for leadership and auditors
Sample controls
- data protection
Sec. 4
Lawful purpose and processing grounds
- data protection
Sec. 5
Notice to Data Principal
- data protection
Sec. 6
Valid consent
- data protection
Sec. 6(4)
Consent withdrawal
- data protection
Sec. 7
Certain legitimate uses
- governance
Sec. 8(1)
Data Fiduciary accountability
Getting started
- Open Framework Library and activate India DPDP
- Review the control list and prioritize high-impact domains
- Attach policies, procedures, and technical evidence
- Mark controls audit-ready and monitor residual gaps
