Is it allowed in India to process digital personal data without legal safeguards after the Digital Personal Data Protection Act, 2023 came into force?

Last updated on October 4, 2025

NO — India’s Digital Personal Data Protection Act, 2023 (DPDP Act) establishes legal duties for processing digital personal data, including lawful grounds, data fiduciary obligations, purpose limitation, breach notification duties and individual rights. Organisations processing digital personal data must follow the Act’s safeguards (and related rules or notifications issued under it); they cannot assume unconstrained processing. The Act (and implementing rules) creates an enforceable legal framework, so processing without meeting those conditions risks regulatory action.

 

https://www.meity.gov.in/content/digital-personal-data-protection-act-2023

8/11/2023

Related Posts

Scroll to Top