The Digital Personal Data Protection Rules, 2025
Arrangement of rules
- 1. Short title and commencement
- 2. Definitions
- 3. Notice given by Data Fiduciary to Data Principal
- 4. Registration and obligations of Consent Manager
- 5. Processing of personal data for provision or issue of subsidy, benefit, service, certificate, licence or permit by State and its instrumentalities
- 6. Reasonable security safeguards
- 7. Intimation of personal data breach
- 8. Time period for specified purpose to be deemed as no longer being served
- 9. Contact information of person to answer questions about processing
- 10. Verifiable consent for processing of personal data of child
- 11. Verifiable consent for processing of personal data of person with disability who has lawful guardian
- 12. Exemptions from certain obligations applicable to processing of personal data of child
- 13. Additional obligations of Significant Data Fiduciary
- 14. Rights of Data Principals
- 15. Transfer of personal data outside the territory of India
- 16. Exemption from Act for research, archiving or statistical purposes
- 17. Appointment of Chairperson and other Members
- 18. Salary, allowances and other terms and conditions of service of Chairperson and other Members
- 19. Procedure for meetings of Board and authentication of its orders, directions and instruments
- 20. Functioning of Board as digital office
- 21. Terms and conditions of appointment and service of officers and employees of Board
- 22. Appeal to Appellate Tribunal
- 23. Calling for information from Data Fiduciary or intermediary