Indian DPDP Act 2023
Digital Personal Data Protection Act 2023 (Act No. 22 of 2023). Rules effective phased.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (9)
Children's Data
| Code | Title |
|---|---|
| s.9(1) | Processing of Children's Personal Data with Verifiable Parental Consent |
| s.9(3) | Restrictions on Processing Children's Data |
Consent
| Code | Title |
|---|---|
| s.5 | Notice to Data Principal |
| s.5(2) | Notice for Pre-Commencement Consent |
| s.6 | Consent |
| s.6(7) | Consent Manager Registration and Accountability |
Cross-Border
| Code | Title |
|---|---|
| s.16 | Quality of Information |
Data Fiduciary Obligations
| Code | Title |
|---|---|
| s.8(1) | General Obligation of Data Fiduciary |
| s.8(10) | Retention by Data Processor |
| s.8(2) | Accuracy and Security Notwithstanding Agreement |
| s.8(3) | Data Accuracy and Completeness |
| s.8(4) | Reasonable Security Safeguards |
| s.8(5) | Intimation of Personal Data Breach |
| s.8(7) | Erasure on Withdrawal or Purpose Completion |
| s.8(8) | Reasonable Steps Verification |
| s.8(9) | Grievance Redressal Mechanism |
Data Principal Rights
| Code | Title |
|---|---|
| s.11 | Consent, Justification and Objection |
| s.12 | Collection Directly from Data Subject |
| s.13 | Collection for Specific Purpose |
| s.14 | Retention and Restriction of Records |
| s.15 | Further Processing to be Compatible with Purpose of Collection |
Data Protection Board
| Code | Title |
|---|---|
| s.18 | Notification to Data Subject When Collecting Personal Information |
| s.27 | Powers and Functions of the Board |
| s.28 | Procedure for Inquiry |
| s.29 | Appeal to Appellate Tribunal |
| s.30 | Alternate Dispute Resolution and Voluntary Undertaking |
| s.33 | Penalties and Adjudication |
Lawful Processing
| Code | Title |
|---|---|
| s.4 | Grounds for Processing Personal Data |
| s.7 | Certain Legitimate Uses |
Other
| Code | Title |
|---|---|
| s.17(1) | Exemptions from Specific Provisions |
| s.17(2) | Notified Exemptions for State Instrumentalities and Research |
Significant Data Fiduciaries
| Code | Title |
|---|---|
| s.10 | Minimality |
Frequently Asked Questions
What is Indian DPDP Act 2023?
Indian DPDP Act 2023 is a compliance framework from India with 9 domains and 32 controls. Digital Personal Data Protection Act 2023 (Act No. 22 of 2023). Rules effective phased. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does Indian DPDP Act 2023 have?
Indian DPDP Act 2023 has 32 controls organised across 9 domains. The largest domains are Data Fiduciary Obligations (9 controls), Data Protection Board (6 controls), Data Principal Rights (5 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does Indian DPDP Act 2023 map to?
Indian DPDP Act 2023 does not currently have cross-framework mappings in our system. Check back as we continuously expand our mapping database.
How do I get started with Indian DPDP Act 2023 compliance?
Start your Indian DPDP Act 2023 compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Indian DPDP Act 2023 requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 32 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 769 frameworks.
Get Started Free →Free forever — no credit card required