DPDP Rules 2025 are now in effect. How ready is your business? Most Indian companies don't know yet.Find out in 3–5 minutes — free →
SaralPrivacy emblem
DPDPA Learning Hub

DPDPA Guide — Plain English for Indian Businesses

Everything you need to understand the Digital Personal Data Protection Act — without a law degree. Start with the basics or jump to the topic most relevant to you.

New to DPDPA? Start here →

1.What is DPDPA?2.Who Does It Apply To?3.Key Terms4.Consent Under DPDPA5.Rights of Individuals6.Duties of Businesses

Key Reference Documents

DPDP Act 2023DPDP Rules 2025PenaltiesGlossary (50+ Terms)

Compliance Tools

Compliance Checklist (90 Controls)DPDPA AssessmentDPDPA White Paper
Act Reference

DPDP Act 2023 — Full Text

The complete Digital Personal Data Protection Act, 2023 — all 9 chapters, 44 sections, and the Penalty Schedule — official text with plain-English summaries.

Act Reference readRead
Rules Reference

DPDP Rules 2025: Plain-English Guide

Every Rule and Schedule under the DPDP Rules, 2025 explained in plain English — section by section, in the same order as the official text.

25 min readRead
Start here

What is DPDPA?

An overview of the Digital Personal Data Protection Act, 2023 — why it was passed, what it governs, and what it means for Indian businesses.

5 min readRead
Essential

Who Does It Apply To?

DPDPA applies to any entity processing personal data of Indian citizens. Find out whether your business is covered and to what extent.

4 min readRead
Reference

Must Learn: Key Terms

Data Fiduciary, Data Principal, Data Processor, Significant Data Fiduciary — all the DPDPA vocabulary you need, explained plainly.

6 min readRead
Action needed

Consent Under DPDPA

What valid consent looks like, how to collect it, what makes consent invalid, and how to design compliant consent flows for your forms and website.

7 min readRead
Action needed

Notice Requirements

Every data collection must be accompanied by a clear notice. Learn what a DPDPA-compliant notice must include and how to implement it.

4 min readRead
Essential

Rights of Individuals

Data Principals have rights to access, correct, and erase their data. Learn what these rights are and how your business must respond.

5 min readRead
Essential

Duties of Businesses

What Data Fiduciaries must do: security safeguards, data minimisation, purpose limitation, processor agreements, and more.

8 min readRead
Sector-specific

Children's Data

DPDPA has special provisions for data of minors. If you process data of anyone under 18, this section is mandatory reading.

4 min readRead
Action needed

Data Breach Basics

What constitutes a breach, notification timelines, who to notify, and how to build a basic incident response capability.

5 min readRead
Practical

Data Retention and Deletion

How long can you keep personal data? What are the rules around deletion? Learn to define and document your retention policies.

4 min readRead
Reference

Cross-Border Considerations

Transferring personal data outside India? Understand the permitted destinations framework and what cross-border flows require.

4 min readRead
Popular

Myth vs Fact

Common misconceptions about DPDPA — including who needs to comply, what counts as consent, and whether SMEs are exempt.

5 min readRead
Tools

Penalties Under DPDPA

Understand the 7-item Penalty Schedule — who can be fined, how much, and under what circumstances. Includes a free Penalty Risk Indicator tool.

Tool readRead
Reference

DPDPA Glossary — 50 Key Terms

Every key term from the Act and Rules — Data Principal, Data Fiduciary, Deemed Consent, Penalty Schedule, and more — with exact section references.

Reference readRead
Tools

DPDPA Compliance Checklist — 90 Controls

Statutory and operational controls across 27 sections — applicability, consent, notice, rights, breach, SDF obligations, and evidence requirements. Based on DPDPA Act 2023 + DPDP Rules 2025.

Checklist readRead