India’s groundbreaking Digital Personal Data Protection Act officially came into force this week, mandating sweeping new data privacy standards across the public and private sectors. All organizations that collect, process, or store data on Indian citizens must now comply with protocols on data minimization, user consent, right to erasure, and safeguards for cross-border transfers.
Compliance and Enforcement
Startups and big businesses alike face stiff penalties for breaches, including fines and possible criminal liability for willful violations. The government is setting up a new Data Protection Board to monitor compliance and arbitrate complaints.
Impact and Challenges
Digital rights advocates praise the law for affirming user control over personal information, but industry groups say smaller companies may struggle to adapt quickly. Internationally, the law is seen as a step toward harmonizing India’s tech sector with global standards like Europe’s GDPR.
