Home >Articles & Publications>Article>The practicalities of implementing India’s Digital Personal Data Protection Act

The practicalities of implementing India’s Digital Personal Data Protection Act

Article
Sajai Singh
April 29, 2026

A person using a touchscreen to access digital cybersecurity icons, with a lock symbol representing secure data access.

India’s new Digital Personal Data Protection framework, comprising the DPDP Act 2023 and Rules 2025, mandates organisations to build robust, India-specific privacy compliance systems before full enforcement in May 2027. Key requirements include gap assessments, consent redesign, breach reporting, data retention alignment, and governance structures led by senior management. Challenges such as conflicting retention norms, algorithmic accountability, and data localisation remain. Organisations must adopt integrated, forward-looking compliance strategies to align domestic and global obligations while strengthening accountability, risk mitigation, and consumer trust.

Please click here to read the full article by Sajai Singh, Partner, Sankalp Inuganti, Associate, and Ayush Sahay, Associate, published in International Bar Association.

POST TAGS

Tags Compliance Framework India, Consent Management India, Consumer Trust India, Cybersecurity India, Data Breach Reporting India, Data Governance India, Data Localisation India, Data Protection India, Digital Personal Data Protection, DPDP Act India, International Data Compliance, Privacy Compliance India, Privacy Law India, Risk Mitigation India, Technology Regulation India

Sajai Singh Partner

Sajai's broad-based practice focuses on Mergers, Acquisitions, Joint Ventures, strategic alliances, restructurings and financings (whether debt or equity), with particular emphasis on cross- border transactions.