Our team has contributed to the India Chapter of the International Comparative Legal Guide (ICLG) Data Protection Laws and Regulations, 2025, which can be accessed at Data Protection Laws and Regulations Report 2025 India.

Our India Chapter provides a detailed overview of India’s data protection framework, with a primary focus on the upcoming Digital Personal Data Protection Act, 2023 (DPDPA). It examines aspects such as scope, applicability, key definitions, and foundational principles underpinning personal data processing, including purpose limitation, transparency, and accountability. It further elaborates on individual/data principal rights such as access, correction, erasure, grievance redressal and the novel right to nominate introduced under the DPDPA. Importantly, the chapter underscores the primary responsibility borne by data fiduciaries for all personal data processing activities, including those undertaken by data processors on their behalf, while outlining essential risk mitigation measures such as contractual safeguards and technical organisational controls.

The chapter also highlights the incremental compliance obligations applicable to Significant Data Fiduciaries (SDF) including data audits, data processing impact assessments and appointment of Data Protection Officers (DPO). It explores considerations applicable to processing of children’s data, cross-border data transfers, and personal data breach notification requirements. Additionally, the chapter discusses evolving privacy jurisprudence and sector-specific regulatory requirements, while offering practical insights on common issues such as marketing, cookies, employee monitoring, and the use of artificial intelligence.

This resource is intended as a practical guide for businesses seeking to understand India’s data protection regime, anticipate regulatory expectations, and implement effective compliance and governance strategies.