DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

India / DPDPA

What is Data Protection Board of India?

Also known as DPB.

In short
The Data Protection Board of India is the body that enforces the DPDPA, investigates breaches and consent complaints, and imposes penalties of up to ₹250 crore per instance.

If the Board investigates, a Data Fiduciary must be able to demonstrate that it had valid consent and met its obligations. That is why tamper-evident, time-stamped consent records matter: they are the evidence you present. ConsentX binds every consent into a verifiable SHA-256 hash chain for exactly this purpose.

In ConsentX

Consent receipts & evidence

Related terms

Digital Personal Data Protection Act

The DPDPA (DPDP Act 2023) is India's national data-protection law, requiring clear notice and free, specific, informed consent before processing personal data, with the DPDP Rules notified on 13 November 2025.

Consent Receipt

A consent receipt is a tamper-evident, time-stamped record of exactly what a user agreed to, including the purposes, the policy version and a verifiable hash, used as proof of valid consent.

Data Fiduciary

Under India's DPDPA, a Data Fiduciary is the entity that decides why and how personal data is processed, equivalent to a 'controller' under the GDPR.

Put Data Protection Board of India into practice

ConsentX turns these requirements into enforced, provable consent. Free to start.

Start free Back to glossary