The Digital Personal Data Protection Act, 2023 (DPDPA), has attracted significant attention from Indian and global businesses during the past two years. This has been so even though the legislation is not yet in force.

Companies have begun taking steps to achieve compliance and are changing the way they operate their business to fall in line with the act’s requirements. Although the government has indicated that it will give businesses sufficient time to put necessary compliance measures in place before the implementation of the law, a proactive approach towards compliance should be undertaken. This is because most companies will have to overhaul their internal processes substantially.

The DPDPA applies in addition to other sector-specific regulations. Compliance plans should, therefore, take into account data protection and cybersecurity requirements under other laws to ensure conformity with overlapping provisions. The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, and the rules and regulations enacted under it (Aadhaar laws) is an important, but often overlooked piece of legislation that prescribes specific data protection-related obligations.