January 12, 2026 Time : 06:04:02am

Review of the Draft Data Protection Rules, 2025

January 5, 2025 admin
0 Comment
Law

Review of the Draft Data Protection Rules, 2025

The Ministry of Electronics and Information Technology, Government of India, has released the Draft Digital Personal Data Protection Rules, 2025, under the Digital Personal Data Protection Act, 2023. The proposed rules aim to operationalize the provisions of the Act and establish a framework for the protection of personal data in India.

Key Provisions of the Draft Rules

  1. Data Fiduciary Responsibilities:

    • The draft mandates that data fiduciaries must provide clear and easily understandable notices to data principals regarding the collection and processing of their personal data.

    • Data fiduciaries are required to ensure that data is processed for specified and lawful purposes with the consent of the data principal.

  2. Consent Management:

    • The rules emphasize obtaining free, informed, specific, and unambiguous consent from data principals before processing their data.

    • A consent manager must be registered with the Data Protection Board and meet specific technical and operational criteria.

  3. Security Measures:

    • Data fiduciaries must implement adequate security safeguards, including encryption and access controls, to protect personal data from unauthorized access and breaches.

  4. Children’s Data Protection:

    • Special provisions have been introduced for the processing of children’s data, including the requirement for verifiable parental consent before processing such data.

  5. Data Breach Notification:

    • Data fiduciaries must notify both the affected data principals and the Data Protection Board in the event of a data breach, detailing the nature of the breach, the data involved, and remedial measures taken.

  6. Exemptions for Government Entities:

    • Government bodies processing personal data for providing services, issuing licenses, or certificates may be exempt from certain obligations under the Act.

  7. Cross-Border Data Transfer:

    • The draft rules impose restrictions on cross-border transfers of personal data, permitting them only when aligned with government-approved jurisdictions.

Compliance and Enforcement

The draft rules outline the establishment of the Data Protection Board, which will oversee compliance, investigate violations, and impose penalties for non-compliance. The Board will also maintain a digital office for efficient case handling and transparency.

Conclusion

The Draft Data Protection Rules, 2025, mark a significant step towards strengthening data privacy in India. Stakeholders are encouraged to provide feedback by February 18, 2025, through the MyGov portal. This proactive engagement is crucial to ensure the final rules balance privacy rights with operational feasibility.

Law
Law

Leave a Reply

Your email address will not be published. Required fields are marked *

error: Content is protected !!

Social Chat is free, download and try it now here!