🇮🇳 India

DPDPA compliance with ConsentX

Digital Personal Data Protection Act

In short

India's first comprehensive data protection law. It is built around clear, itemized notice and verifiable consent, with strong protections for children.

Region

India

Status

Enacted 2023, now in force

Group

Asia & Africa

Who it applies to

Any data fiduciary processing digital personal data in India, and those targeting people in India from abroad.

Penalties

Up to ₹250 crore per instance of non-compliance.

Key obligations

Itemized notice and verifiable consent
Consent in clear, plain language
Verifiable parental consent for children under 18
No tracking or targeted ads to children
Easy withdrawal and a Consent Manager pathway

How ConsentX helps

DPDPA §9 age-gate and parental flows

Itemized, plain-language consent notices

Verifiable consent receipts

Withdrawal as easy as consent

Per-region rules tuned for India

Get DPDPA ready with ConsentX

Start free, or book a walkthrough with our team.

Get started free Book a demo

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified counsel.

Frequently asked questions

Does DPDPA require age verification?+

Yes. Section 9 requires verifiable parental consent for users under 18 and bars tracking or targeted ads to children.

What counts as valid consent under DPDPA?+

Consent must follow an itemized, plain-language notice and be verifiable, with withdrawal as easy as giving it.

Other frameworks

🇪🇺 GDPR 🇬🇧 UK GDPR 🇺🇸 CCPA / CPRA 🇺🇸 VCDPA 🇺🇸 Colorado CPA 🇺🇸 CTDPA 🇺🇸 UCPA 🇺🇸 TDPSA 🇺🇸 Oregon OCPA 🇺🇸 Montana MCDPA 🇺🇸 Florida FDBR 🇧🇷 LGPD 🇨🇦 PIPEDA 🌏 PDPA 🇿🇦 POPIA