dpdpa.co.in

Menu

    DPDP RULES

    Rule 1 – Short title and commencement.

    Rule 2 – Definitions

    Rule 3 -Notice given by Data Fiduciary to Data Principal

    Rule 4 – Registration and obligations of Consent Manager

    Rule 5 – Processing of personal data for provision or issue of subsidy …

    Rule 6 – Reasonable security safeguards

    Rule 7 – Intimation of personal data breach

    Rule 8 – Time period for specified purpose to be deemed …

    Rule 9 – Contact information of person to answer questions about processing

    Rule 10 – Verifiable consent for processing of personal data of child

    Rule 11 – Verifiable consent for processing of personal data …

    Rule 12 – Exemptions from certain obligations …

    Rule 13 – Additional obligations of Significant Data Fiduciary

    Rule 14 – Rights of Data Principals

    Rule 15 – Transfer of personal data outside

    Rule 16 – Exemption from Act for research

    Rule 17 – Appointment of Chairperson …

    Rule 18 – Salary, allowances and other terms …

    Rule 19 – Procedure for meetings of Board

    Rule 20 – Functioning of Board as digital office

    Rule 21 – Terms and conditions of appointment …

    Rule 22 – Appeal to Appellate Tribunal

    Rule 23 – Calling for information from …

    First Schedule – Conditions for registration of …

    Second Schedule – Standards for processing of …

    Third Schedule

    Fourth Schedule – Classes of Data Fiduciaries …

    Fifth Schedule – Terms and conditions of …

    Sixth Schedule – Terms and conditions of appointment …

    Seventh Schedule

    Rule 23

    Calling for information from Data Fiduciary or intermediary

    (1) The Central Government may, for such purposes of the Act as are specified in Seventh Schedule, acting through the corresponding authorised person specified in the said Schedule, require any Data Fiduciary or intermediary to furnish such information as may be called for, within the specified period as may be given in such. 

    (2) Where the disclosure of furnishing of information as referred to in sub-rule (1) is likely to prejudicially affect the sovereignty and integrity of India or security of the State, the Central Government may require the Data Fiduciary or intermediary to not disclose such furnishing to affected Data Principal or any other person except with the previous permission, in writing, of the authorised person. 

    (3) For the purposes of this rule, the expression “intermediary” shall have the same meaning as assigned to it in the Information Technology Act, 2000 (21 of 2000).

    Effective after 18 months (13 May 2027)

    Rule 22
    First Schedule
    Scroll to Top