New Delhi, Nov 14: The Central Government has officially released the Digital Personal Data Protection (DPDP) Rules 2025, which will be implemented in phases over 12–18 months. The rules are designed to empower citizens with greater control over their personal data, ensure protection against misuse, and enhance online privacy.
Some provisions will take effect immediately, while others such as registration and obligations of consent managers, notice from data fiduciaries to individuals, and norms related to personal data processing will roll out gradually over the next year to year-and-a-half.
Key Features of the DPDP Rules 2025
Data Control: Citizens can monitor and correct misuse of their personal data, including phone numbers, videos, and voice recordings.
Data Protection Board: A mechanism to establish a board that can levy penalties based on breaches under the DPDP Act 2023.
Graded Penalties: Penalties of up to ₹250 per breach, with a graded system to safeguard small businesses.
Exemptions: Rules do not override enforcement of legal rights, court orders, cross-border consents, financial investigations, or government-mandated schemes.
The rules follow the Supreme Court’s 2017 judgment recognizing the Right to Privacy as a Fundamental Right. They also require citizens to provide verifiable information when requesting data correction or deletion and prevent filing false or frivolous complaints.
Impact and Benefits
Once fully implemented, the DPDP Rules will:
Help citizens take action against unauthorized calls and data leaks.
Ensure accountability of data fiduciaries for violations.
Protect privacy while balancing legal, research, and government scheme requirements.
The phased rollout reflects a cautious approach, giving businesses and start-ups time to comply while strengthening India’s personal data protection ecosystem.