The Digital Personal Data Protection (DPDP) Act, 2023, along with the 2025 Rules, introduces a stringent privacy regime for India’s healthcare and life sciences sector, which handles highly sensitive health data.

      Key highlights of the report

      • Consent-centric processing

        Explicit, informed consent is mandatory for collecting and using patient data. Blanket or implied consent is invalid

      • Patient rights

        Individuals can access, correct, and erase their health data; systems must be designed to ensure compliance

      • Data minimisation and purpose limitation

        Only necessary data for treatment or research can be processed; secondary use without consent is prohibited

      • Governance and accountability

        Appointment of Data Protection Officers (DPOs), breach reporting within 72 hours, and Data Protection Impact Assessments (DPIAs) for high-risk activities are mandatory


      The privacy prescription: Impact of DPDP Act and rules in healthcare and life sciences sector

      The DPDP Act 2023, with the 2025 Rules, sets a strong privacy regime for India’s healthcare and life sciences sector, which handles highly sensitive health data


      Key Contacts

      Akhilesh Tuteja

      Partner & National Leader, Clients and Markets

      KPMG in India

      Atul Gupta

      Partner and Head - Digital Trust and Cyber

      KPMG in India

      Lalit Mistry

      Partner and Co-head, Healthcare

      KPMG in India

      Nitin Shah

      Partner – Digital Trust, Head – Cyber Security, Resilience and Privacy Strategy & Governance

      KPMG in India

      Shikha Kamboj

      Partner, Digital Trust, National Leader, Data Privacy and Ethics

      KPMG in India

      DPDP Act and rules: Implications across sectors

      DPDPA demands strong vendor oversight, data minimisation, clear consent, rapid breach response and protection across IoT and smart rooms

      Compliance evolves into a strategic edge, building trust, resilience, and customer empowerment in banking

      The DPDP Act, 2023, with the 2025 Rules, sets a strict framework for personal data governance for e-commerce and consumer enterprises

      The DPDP Act 2023, through the 2025 Rules, defines a techno-legal, enforceable framework for GCCs to safeguard digital personal data

      DPDPA 2023 reshapes Media & OTT compliance, driving trust, safety, and strategic advantage in a competitive landscape

      DPDPA aims to strengthen the techno-legal framework for protection of digital personal data by providing necessary details and an actionable framework

      The DPDP Rules 2025 serve as a crucial extension to the DPDP Act 2023, providing operational clarity for entities processing digital personal data
