In August 2017, a nine-judge bench of the Supreme Court unanimously held that Indians have a constitutionally protected fundamental right to privacy that is an intrinsic part of life and liberty under Article 21. This changed the regime on data privacy in the country and the Government appointed a committee of experts for Data protection that submitted a report in July 2018 along with a draft Data Protection Bill.
Thereafter, the Government published Digital Personal Data Protection Act (DPDPA) which provided a legal framework to process digital personal data, and this was passed by parliament in 2023. To that effect, Draft Digital Personal Data Protection Rules have been issued in January 2025, that supplements DPDP Act 2023, providing operational clarity on the provisions of the Act.
Data privacy today transcends beyond compliance for global businesses, and it is a strategic imperative for establishing trust, enhancing reputation and driving success. Along with rapid technology led innovation including adoption of Artificial Intelligence (AI), the world is also witnessing significant amount of digital data being created and regulations like this enable businesses to bring order in such environments.
Globally data protection acts have stringent punitive measures, which have also been included in the DPDPA. Non-compliance to the regulation could lead to hefty fines, potentially up to INR 250 crores, along with reputational risks.