stock market today55 min ago
New DPDP rules notified: Start-ups to benefit from simplified compliance; nationwide awareness campaign begins
Written By Ankit Kumar
Published: 8:50 PM, Dec 3, 2025 | Updated: 8:50 PM, Dec 3, 2025
India has begun implementing the DPDP Act and Rules with a simplified compliance track for start-ups and selected data fiduciaries. The Digital Data Protection Board has been notified, and the Government will soon specify jurisdictions where cross-border data transfer may be restricted. A nationwide awareness drive is under way to educate citizens and businesses as the country shifts to a rights-based data protection regime.
&format=webp&quality=medium)
Start-ups get simplified compliance under DPDP Act; Government steps up awareness push. Source: Unsplash
The Government has moved to make India’s new data protection regime easier to adopt, especially for start-ups and select data fiduciaries, as the Digital Personal Data Protection (DPDP) Act, 2023 and the DPDP Rules, 2025 come into force. The framework, officially notified on 13 November, lays down a clear rollout timeline and establishes the Digital Data Protection Board, which will oversee compliance, handle grievances and ensure accountability.
Minister of State for Electronics and IT Jitin Prasada told the Lok Sabha that the transition to the new law will be supported through sustained awareness campaigns, training programmes and digital outreach, as the Government pushes for wider understanding of data rights and obligations.
Simplified rules for start-ups and smaller data fiduciaries
Add Zee Business as a Preferred Source
A central feature of the new regime is the simplified compliance pathway designed for start-ups and certain categories of data fiduciaries. The relaxation is meant to ensure that early-stage firms do not face heavy regulatory load while still following core data-protection principles. This includes lighter reporting requirements, reduced documentation, calibrated record-keeping and more flexible procedures - a structure the Government says will help innovation without compromising user rights.
Digital Data Protection Board formally notified
The Digital Data Protection Board, the authority responsible for enforcing the law, has now been notified.
It will function as an independent body with powers to:
- Ensure compliance by data fiduciaries,
- Respond to grievances and breaches, and
- Monitor accountability across the digital ecosystem.
The Board will also guide entities as they transition into the new framework over the coming months.
Cross-border data transfers: Government to notify restricted jurisdictions
The DPDP Act empowers the Government to specify jurisdictions where personal data transfer may be restricted. Entities handling personal data will need to comply with these upcoming notifications as part of their operations.
Mass awareness and capacity-building push
Alongside the legal rollout, the Government is running a nationwide awareness programme to help citizens and businesses understand the Act. The campaign includes workshops, conferences, expert sessions and digital outreach aimed at:
- Explaining the rights granted to citizens,
- Promoting responsible data practices,
- Helping organisations understand obligations from consent to grievance redressal.
Towards a rights-based data ecosystem
With the DPDP Act now operational, India is preparing to implement one of the most comprehensive data protection frameworks among major digital economies. The approach is built around two priorities - easing compliance for smaller entities and enforcing strong safeguards for citizens. The Government maintains that the new regime will strengthen trust in the digital economy and support the country’s growing technology and start-up ecosystem.
- 1
- 2
- 3
- 4
- 5
- 6