The Digital Personal Data Protection Act applies to every Indian company that processes personal data — names, emails, phone numbers, Aadhaar, health records. Penalties up to Rs 250 crore for significant breaches. SpectraAI helps you comply.
Explicit, informed consent before processing personal data. Purpose limitation — data used only for stated purpose. Consent withdrawal mechanism required.
02
Data Principal Rights
Right to access, correction, erasure, and grievance redressal. Companies must respond to data principal requests within prescribed timelines.
03
Data Breach Notification
Mandatory notification to the Data Protection Board and affected individuals in case of personal data breach. CERT-In 6-hour reporting also applies.
04
Data Fiduciary Obligations
Reasonable security safeguards, data minimisation, storage limitation, and accountability. Significant Data Fiduciaries have additional requirements.
05
Children Data Processing
Verifiable parental consent for processing data of persons under 18. Additional restrictions on targeted advertising to children.
Penalties
Up to Rs 250 crore for significant data breach by Significant Data Fiduciary. Up to Rs 200 crore for failure to protect children data. Up to Rs 150 crore for other violations.