(MENAFN- KNN India) New Delhi, Nov 18 (KNN) Experts responding to the government's notification of the Digital Personal Data Protection (DPDP) Act stated that the industry must now prioritise investing in consent and integrating data protection into digital operations as a core function, rather than viewing it merely as a cost, a step widely regarded as a decisive move toward a 'Trust Economy'.

Analysts say the framework signals the end of indiscriminate collection of personal data and places consent, accountability and user rights at the centre of digital operations.

Industry executives noted that the new regime marks a fundamental change in how personal information will be governed. They said citizens will now gain greater control over their digital footprints, including the right to correct or erase personal data.

“The Digital Personal Data Protection Act notification of today marks the definitive pivot towards a Trust Economy where bulk personally identifiable information (PII) collection will be replaced by a mandate for precision and accountability at every digital exchange,” said Santosh Singh, Senior Vice President, IT, DS Group, reported ANI.

He added that organisations must now view investment in consent and data protection as a foundational component of commerce.

The Centre notified the DPDP Rules on November 14, enabling full operationalisation of the DPDP Act, enacted by Parliament on August 11, 2023.

The Ministry of Electronics and IT said the Act and Rules establish a simple, citizen-centric and innovation-friendly framework for the responsible use of digital personal data.

The law outlines the responsibilities of data-handling entities, known as Data Fiduciaries, and defines the rights and duties of individuals, referred to as Data Principals.

Legal experts described the notification as a significant milestone in India's digital governance landscape.

Talish Ray, Advocate and Managing Partner, TRS Law Offices, said the rules strengthen privacy safeguards by introducing structured consent mechanisms, defining fiduciary responsibilities and formalising security and breach reporting obligations.

She noted, however, that the framework still contains gaps, including its dependence on consent, limited individual rights, and wide government exemptions for national security and public order.

“While the DPDP Rules 2025 represent progress, they fall short of protecting individual privacy and promoting digital rights. India must ensure that its digitally empowered society doesn't come at the cost of individual freedom and autonomy,” she said.

The government has maintained that the rules aim to balance privacy protection with innovation and economic growth.

Nikhil Narendran, Partner – TMT (Technology, Media, and Telecommunications), Trilegal, said the clarity provided by the notification gives“India Inc. an 18-month runway to prepare for full compliance.”

Organisations, he added, will need to begin data mapping, redesign consent and notice structures, and roll out training with support from legal, technology and privacy specialists.

The DPDP Rules prescribe a phased 18-month compliance window and require Data Fiduciaries to issue standalone, transparent consent notices specifying how personal data will be collected and used.

The framework also mandates that Consent Managers-entities responsible for helping individuals manage permissions-must be incorporated in India.

(KNN Bureau)

MENAFN18112025000155011030ID1110362602