DPDP Act 2023
Draft DPDP Rules 2025
Final DPDP Rules 2025
Ministry of Law and Justice

Chapter 1 – Preliminary (DPDP Act 2023)

Chapter 2 – Obligations of Data Fiduciary

Chapter 3 – Rights and Duties of Data Principal

Chapter 4 – Special Provisions

Chapter 5 – Data Protection Board of India

Chapter 6 – Powers & Procedures of the Board

Chapter 7 – Appeals & Alternate Dispute Resolution

Chapter 8 – Penalties & Adjudication

Chapter 9 – Miscellaneous

Schedule – DPDP Act 2023

Rule 1 – DPDP Draft Rule 1

Rule 2 – DPDP Draft Rule 2

Rule 3 – DPDP Draft Rule 3

Rule 4 – DPDP Draft Rule 4

Rule 5 – DPDP Draft Rule 5

Rule 6 – DPDP Draft Rule 6

Rule 7 – DPDP Draft Rule 7

Rule 8 – DPDP Draft Rule 8

Rule 9 – DPDP Draft Rule 9

Rule 10 – DPDP Draft Rule 10

Rule 11 – DPDP Draft Rule 11

Rule 12 – DPDP Draft Rule 12

Rule 13 – DPDP Draft Rule 13

Rule 14 – DPDP Draft Rule 14

Rule 15 – DPDP Draft Rule 15

Rule 16 – DPDP Draft Rule 16

Rule 17 – DPDP Draft Rule 17

Rule 18 – DPDP Draft Rule 18

Rule 19 – DPDP Draft Rule 19

Rule 20 – DPDP Draft Rule 20

Rule 21 – DPDP Draft Rule 21

Rule 22 – DPDP Draft Rule 22

Conditions for Registration of Consent Manager

Schedule Second – DPDP Draft Rules

Schedule Third – DPDP Draft Rules

Schedule Fourth – DPDP Draft Rules

Schedule Fifth – DPDP Draft Rules

Schedule Sixth – DPDP Draft Rules

Schedule Seventh – DPDP Draft Rules

DPDP Final Rule 1

DPDP Final Rule 2

DPDP Final Rule 3

DPDP Final Rule 4

DPDP Final Rule 5

DPDP Final Rule 6

DPDP Final Rule 7

DPDP Final Rule 8

DPDP Final Rule 9

DPDP Final Rule 10

DPDP Final Rule 11

DPDP Final Rule 12

DPDP Final Rule 13

DPDP Final Rule 14

DPDP Final Rule 15

DPDP Final Rule 16

DPDP Final Rule 17

DPDP Final Rule 18

DPDP Final Rule 19

DPDP Final Rule 20

DPDP Final Rule 21

DPDP Final Rule 22

DPDP Final Rule 23

First Schedule – DPDP Final Rules

Second Schedule – DPDP Final Rules

Third Schedule – DPDP Final Rules

Fourth Schedule – DPDP Final Rules

Fifth Schedule – DPDP Final Rules

Sixth Schedule – DPDP Final Rules

Seventh Schedule – DPDP Final Rules

Home Draft DPDP Rules Additional obligations of Significant Data Fiduciary

Rule - 12

Additional obligations of Significant Data Fiduciary

(1) A Significant Data Fiduciary shall, once in every period of twelve months from the date on which it is notified as such or is included in the class of Data Fiduciaries notified as such, undertake a Data Protection Impact Assessment and an audit to ensure effective observance of the provisions of this Act and the rules made thereunder.

(2) A Significant Data Fiduciary shall cause the person carrying out the Data Protection Impact Assessment and audit to furnish to the Board a report containing significant observations in the Data Protection Impact Assessment and audit.

(3) A Significant Data Fiduciary shall observe due diligence to verify that algorithmic software deployed by it for hosting, display, uploading, modification, publishing, transmission, storage, updating or sharing of personal data processed by it are not likely to pose a risk to the rights of Data Principals.

(4) A Significant Data Fiduciary shall undertake measures to ensure that personal data specified by the Central Government on the basis of the recommendations of a committee constituted by it is processed subject to the restriction that the personal data and the traffic data pertaining to its flow is not transferred outside the territory of India.

Prev Next