Contact us

      The Digital Personal Data Protection Rules, 2025 released by the Ministry of Electronics and Information Technology, India (MeitY), dated 13 November 2025 serves as a crucial extension to the Digital Personal Data Protection Act 2023. It provides operational clarity for entities processing digital personal data in relation to providing goods and services within the territory of India.

      By outlining specific compliance requirements, these rules facilitate a smoother transition for businesses aiming to align with the act. These Rules act as a stepping-stone by offering directives on data protection practices, thereby enabling businesses to implement robust data privacy and governance framework which would not only ensure legal compliance but also foster trust and transparency with Data Principals, ultimately contributing to a more secure and privacy-conscious business environment.

      This landmark legislation is set to introduce a comprehensive and rigorous framework for data protection, fundamentally changing how the industry manages consumer information. Companies will be required to overhaul their data management practices to ensure enhanced security and transparency.

      This report explains the Rules under India’s Digital Personal Data Protection Act and provides guidance for organisations on how to comply with its implementation requirements.

      DPDP Rules 2025: Guidance to DPDP Act implementation

      The DPDP Rules 2025 serves as a crucial extension to the DPDP Act 2023, providing operational clarity for entities processing digital personal data

      Download the report (1.95 MB)

      Hear from the experts

      The 18-month countdown begins: DPDP Rules 2025 action plan

      Watch the webinar to understand how to run compliance into advantage and build a credible privacy foundation

      Watch now

      Key Contacts

      Akhilesh Tuteja
      Akhilesh Tuteja

      Partner & National Leader, Clients and Markets

      KPMG in India

      Atul Gupta
      Atul Gupta

      Partner and Head - Digital Trust and Cyber

      KPMG in India

      DPDP Act and rules : Implications across sectors

      DPDP

      DPDPA demands strong vendor oversight, data minimisation, clear consent, rapid breach response and protection across IoT and smart rooms
      Read more

      DPDP

      Compliance evolves into a strategic edge, building trust, resilience, and customer empowerment in banking
      Read more

      DPDP

      DPDP Act, 2023, with the 2025 Rules, set a strict framework for personal data governance for e-commerce and consumer enterprises
      Read more

      DPDP

      DPDP Act 2023, through the 2025 Rules, defines a techno‑legal, enforceable framework for GCCs to safeguard digital personal data
      Read more

      DPDP

      DPDP Act 2023 with the 2025 Rules set a strong privacy regime for India’s healthcare and life sciences sector handling highly sensitive health data
      Read more

      DPDP

      DPDPA 2023 reshapes Media & OTT compliance, driving trust, safety, and strategic advantage in a competitive landscape
      Read more

      DPDP

      DPDPA aims to strengthen the techno-legal framework for protection of digital personal data by providing necessary details and an actionable framework
      Read more

      How can KPMG in India help

      Use cyber security to protect your future
      Read more

      New technologies. Sales channels. Customer experiences. Does your organisation have the confidence and agility to seize these kinds of opportunities, or are cyber threats holding you back?
      Read more

      Transformation driven by data, enabled by digital technology, and led by business initiatives
      Read more

      Access our latest insights on Apple or Android devices

      kpmg-insights-edge-qr