Data Privacy Laws in India 2026: Your Complete DPDP Act Guide
By DigiNow Editorial Team · 12 min read
India's Digital Personal Data Protection (DPDP) Act 2023 is the country's first comprehensive data privacy law, creating a legal framework governing how organizations collect, process, and store personal data of Indian citizens. This guide explains your rights, the obligations of businesses, and practical steps every Indian internet user should take immediately.
What Is the DPDP Act 2023?
Enacted in August 2023, the Digital Personal Data Protection Act 2023 establishes rights for "Data Principals" (individuals whose data is collected) and obligations for "Data Fiduciaries" (organizations that collect and process data). It replaces the data protection provisions of the Information Technology (Amendment) Act 2008.
Your 7 Rights Under the DPDP Act
- Right to Access: Request information about what personal data a company holds about you
- Right to Correction: Correct inaccurate or outdated personal data
- Right to Erasure: Request deletion of your personal data when no longer necessary
- Right to Grievance Redressal: File complaints with the Data Fiduciary
- Right to Nominate: Nominate another person to exercise your rights in case of death or incapacity
- Right to Information: Know the purpose of data collection before consenting
- Right to Withdraw Consent: Withdraw previously given consent at any time
Penalties for Violations
The DPDP Act 2023 introduces significant financial penalties: up to ₹250 crore for data breaches affecting users, up to ₹200 crore for failure to notify users of data breaches, and up to ₹10,000 for individuals who provide false information when exercising their rights.
Practical Steps to Protect Your Privacy
- Use temporary email addresses for online signups to limit personal data exposure
- Generate strong unique passwords for every account using a password generator
- Regularly audit and revoke app permissions on your smartphone
- Exercise your right to erasure on platforms you no longer use
Frequently Asked Questions
- Does the DPDP Act apply to foreign companies?
- Yes. The Act has extraterritorial jurisdiction — any organization that processes data of Indian citizens, regardless of where the organization is headquartered, must comply.
- What is a "Data Fiduciary" under the DPDP Act?
- Any entity (person, company, state) that collects and determines the purpose of processing personal data is a Data Fiduciary. This includes apps, websites, employers, hospitals, and educational institutions.