Contact us

      The Digital Personal Data Protection (DPDP) Act, 2023, operationalised through the 2025 Rules, introduces a stringent framework for personal data governance. For e-commerce and consumer enterprises, which rely heavily on data-driven personalisation and digital engagement, the implications are transformative.

      Key highlights of the report

      • Consent centric data processing

        Explicit, informed consent is mandatory for collecting and using personal data. Bundled or implied consent is invalid, requiring redesign of onboarding and marketing flows

      • Transparency and notices

        Privacy notices must be clear, modular, and multilingual, detailing data categories, purpose, and value exchange. Traditional lengthy T&Cs will no longer suffice

      • Data minimisation and retention

        Businesses must limit data collection to what is necessary and enforce strict retention timelines

      • Grievance redressal and governance

        Platforms must appoint grievance officers and implement mechanisms for user rights – access, correction, and erasure

      From Cart to Compliance: DPDPA’s ripple in Consumer Markets

      DPDP Act, 2023, with the 2025 Rules, set a strict framework for personal data governance for e-commerce and consumer enterprises

      Download

      Key Contacts

      Akhilesh Tuteja
      Akhilesh Tuteja

      Partner & National Leader, Clients and Markets

      KPMG in India

      Atul Gupta
      Atul Gupta

      Partner and Head - Digital Trust and Cyber

      KPMG in India

      Puneet Mansukhani
      Dr. Puneet Mansukhani

      National Sector Head - Retail, Global Retail Head - Digital & Technology Transformation

      KPMG in India

      Nikhil Sethi
      Nikhil Sethi

      National Leader Consumer Goods and Co-Lead Customer & Operations

      KPMG in India

      Nitin Shah
      Nitin Shah

      Partner – Digital Trust, Head – Cyber Security, Resilience and Privacy Strategy & Governance

      KPMG in India

      Shikha Kamboj
      Shikha Kamboj

      Partner, Digital Trust, National Leader, Data Privacy and Ethics

      KPMG in India

      DPDP Act and rules : Implications across sectors

      DPDP

      DPDPA demands strong vendor oversight, data minimisation, clear consent, rapid breach response and protection across IoT and smart rooms
      Read more

      DPDP

      Compliance evolves into a strategic edge, building trust, resilience, and customer empowerment in banking
      Read more

      DPDP

      DPDP Act 2023, through the 2025 Rules, defines a techno‑legal, enforceable framework for GCCs to safeguard digital personal data
      Read more

      DPDP

      DPDP Act 2023 with the 2025 Rules set a strong privacy regime for India’s healthcare and life sciences sector handling highly sensitive health data
      Read more

      DPDP

      DPDPA 2023 reshapes Media & OTT compliance, driving trust, safety, and strategic advantage in a competitive landscape
      Read more

      DPDP

      DPDPA aims to strengthen the techno-legal framework for protection of digital personal data by providing necessary details and an actionable framework
      Read more

      DPDP

      The DPDP Rules 2025 serves as a crucial extension to the DPDP Act 2023, providing operational clarity for entities processing digital personal data
      Read more

      How can KPMG in India help

      Use cyber security to protect your future
      Read more

      New challenges and opportunities are quickly reshaping financial services
      Read more

      Transformation driven by data, enabled by digital technology, and led by business initiatives
      Read more

      Access our latest insights on Apple or Android devices

      kpmg-insights-edge-qr