This, the second in a two-part series on health Under India’s Digital Personal Data Protection Act, 2023 (DPDPA), organisations may rely on the voluntary provision of personal data as a legal basis for processing in certain situations, instead of obtaining explicit consent. In this session from Spice Route Legal’s Cocktails & Compliance – Financial Services Edition, Ajeeth Srinivas (Associate) explores how organisations can structure digital interfaces and user journeys to enable the voluntary sharing of personal data while remaining compliant with the DPDP Act. The discussion covers:

1. What “voluntary provision of personal data” means under the DPDP Act
2. How organisations can structure UI and user flows to support this legal basis
3. Practical examples from banking and fintech platforms
4. Key limitations and compliance risks businesses must consider protection law, examines the impact of the Digital Personal Data Protection Act, 2023 (DPDPA), on healthcare organisations.