The Data Fiduciary is accountable for lawful processing: giving notice, obtaining valid consent, securing the data, honouring Data Principal rights and being able to demonstrate compliance to the Data Protection Board. Large-scale processors may be classed as Significant Data Fiduciaries with extra obligations such as DPIAs and a Data Protection Officer.
In ConsentX
Related terms
Under India's DPDPA, a Data Principal is the individual whose personal data is being processed, equivalent to a 'data subject' under the GDPR.
The DPDPA (DPDP Act 2023) is India's national data-protection law, requiring clear notice and free, specific, informed consent before processing personal data, with the DPDP Rules notified on 13 November 2025.
Under India's DPDPA, a Consent Manager is a registered, interoperable platform through which a Data Principal can give, manage, review and withdraw consent across Data Fiduciaries.