Bombay Chartered Accountant Journal

January 2026

DPDP Law, Cyber Security and Chartered Accountants

By Apoorva Bookseller, Chartered Accountant

India's Digital Personal Data Protection (DPDP) Law, operationalised by the 2025 Rules, establishes a privacy-centric legislative framework for managing personal data, aligning India with global standards like GDPR and affirming privacy as a fundamental right. The regime is anchored by core principles like consent, data minimization, and accountability.

The law empowers the Data Protection Board (DPB) to enforce compliance, imposing heavy fines of up to INR 250 crores for violations. Data Fiduciaries must obtain explicit consent, maintain data logs, designate a DPO (in the case of Significant Data Fiduciaries, or SDFs), and perform Data Protection Impact Assessments (DPIAs). Data Principals are granted rights to access, correct, and erase their data.

While distinct from cybersecurity (which protects all digital assets), DPDP focuses specifically on the lawful processing of personal data. Chartered Accountants (CAs) are positioned to play a vital strategic and advisory role by verifying DPDP controls, participating in DPIAs, assessing financial reporting liabilities, and guiding clients to use compliance as a strategic differentiator.

INTRODUCTION

The recent Digital Personal Data Protection (DPDP) Law, enacted by the Indian government and operationalised with the DPDP Rules of 2025,
