DPDP Rules 2025 are now in effect. How ready is your business? Most Indian companies don't know yet.Find out in 10 minutes — free →
SaralPrivacy emblem
DPDPA Learning Hub

DPDPA Guide — Plain English for Indian Businesses

Everything you need to understand the Digital Personal Data Protection Act — without a law degree. Start with the basics or jump to the topic most relevant to you.

Recommended reading order if you are just starting

1.What is DPDPA?2.Who Does It Apply To?3.Key Terms4.Consent Under DPDPA5.Rights of Individuals6.Duties of Businesses
Rules Reference

DPDP Rules 2025: Plain-English Guide

Every Rule and Schedule under the DPDP Rules, 2025 explained in plain English — section by section, in the same order as the official text.

25 min readRead
Start here

What is DPDPA?

An overview of the Digital Personal Data Protection Act, 2023 — why it was passed, what it governs, and what it means for Indian businesses.

5 min readRead
Essential

Who Does It Apply To?

DPDPA applies to any entity processing personal data of Indian citizens. Find out whether your business is covered and to what extent.

4 min readRead
Reference

Key Terms in Simple Language

Data Fiduciary, Data Principal, Data Processor, Significant Data Fiduciary — all the DPDPA vocabulary you need, explained plainly.

6 min readRead
Action needed

Consent Under DPDPA

What valid consent looks like, how to collect it, what makes consent invalid, and how to design compliant consent flows for your forms and website.

7 min readRead
Action needed

Notice Requirements

Every data collection must be accompanied by a clear notice. Learn what a DPDPA-compliant notice must include and how to implement it.

4 min readRead
Essential

Rights of Individuals

Data Principals have rights to access, correct, and erase their data. Learn what these rights are and how your business must respond.

5 min readRead
Essential

Duties of Businesses

What Data Fiduciaries must do: security safeguards, data minimisation, purpose limitation, processor agreements, and more.

8 min readRead
Sector-specific

Children's Data

DPDPA has special provisions for data of minors. If you process data of anyone under 18, this section is mandatory reading.

4 min readRead
Action needed

Data Breach Basics

What constitutes a breach, notification timelines, who to notify, and how to build a basic incident response capability.

5 min readRead
Practical

Data Retention and Deletion

How long can you keep personal data? What are the rules around deletion? Learn to define and document your retention policies.

4 min readRead
Reference

Cross-Border Considerations

Transferring personal data outside India? Understand the permitted destinations framework and what cross-border flows require.

4 min readRead
Popular

Myth vs Fact

Common misconceptions about DPDPA — including who needs to comply, what counts as consent, and whether SMEs are exempt.

5 min readRead