DPDPA
Digital Personal Data Protection Act
India
Enacted 2023, now in force
Asia & Africa
Who must comply
Any data fiduciary processing digital personal data in India, and those targeting people in India from abroad.
Penalties
Up to โน250 crore per instance of non-compliance.
Key obligations
- Itemized notice and verifiable consent
- Consent in clear, plain language
- Verifiable parental consent for children under 18
- No tracking or targeted ads to children
- Easy withdrawal and a Consent Manager pathway
How ConsentX helps
DPDPA ยง9 age-gate and parental flows
Itemized, plain-language consent notices
Verifiable consent receipts
Withdrawal as easy as consent
Per-region rules tuned for India
Get DPDPA ready with ConsentX
This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.
How to comply with DPDPA using ConsentX
- 1
Scan your website
Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under DPDPA.
- 2
Show a geo-aware consent banner
Add the ConsentX banner. It detects each visitor region and shows the consent experience that DPDPA requires, automatically.
- 3
Block trackers until consent
Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.
- 4
Record tamper-evident proof
Every choice is stored as a tamper-evident consent receipt you can produce in a DPDPA audit.
- 5
Handle data requests on time
Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.
Frequently asked questions
Does DPDPA require age verification?+
Yes. Section 9 requires verifiable parental consent for users under 18 and bars tracking or targeted ads to children.
What counts as valid consent under DPDPA?+
Consent must follow an itemized, plain-language notice and be verifiable, with withdrawal as easy as giving it.