🇮🇳 Live Medical Devices & Diagnostics

Digital Personal Data Protection Act, 2023 (No. 22 of 2023)

Governs the processing of digital personal data by organisations and government bodies in India.

View official source document

Rules extracted

183

Obligations decomposed

9.6x

Avg obligations per rule

🇮🇳 India

Jurisdiction

About this regulation

India's comprehensive data protection law governing the processing of digital personal data. Establishes consent-based processing, data principal rights, data fiduciary obligations, consent managers, special provisions for children's data and significant data fiduciaries, the Data Protection Board of India for adjudication, and a tiered penalty framework with fines up to INR 250 crore. Applies to processing of digital personal data within India and to processing outside India if related to offering goods or services to data principals in India.

What AuditDSS covers

Source

Regulation

Extracted

Rules

Decomposed

183

Obligations

9.6x

Decomposition ratio

Each rule is decomposed into an average of 9.6 atomic obligations — the smallest testable units that can be independently violated.

Fully extracted & scored

All 183 obligations have been decomposed, titled, risk-scored, and embedded for semantic matching.

Risk scoring

Every obligation in DPDP Act 2023 is scored across independent risk dimensions:

Obligation Weight

How critical within the regulatory framework

Violation Likelihood

How often breached in practice

Enforcement Evidence

Regulator enforcement history and penalties

Cascade Dependency

How many obligations depend on this one

Regulatory details

Full title: Digital Personal Data Protection Act, 2023 (No. 22 of 2023)
Regulatory body: Data Protection Board of India
Jurisdiction: 🇮🇳 India
Document type: statute
Effective date: August 11, 2023
Issuing authority: Parliament of India — Ministry of Electronics and Information Technology
Industry: Medical Devices & Diagnostics
Official source: View source document ↗

Who this applies to

data fiduciariesdata processorsconsent managerssignificant data fiduciariesData Protection Board of India

Key requirements

consent-based processing
notice to data principals
data principal rights
data fiduciary obligations
children's data protection
cross-border transfer restrictions
breach notification
penalty framework up to INR 250 crore

Frequently asked questions about DPDP Act 2023

What is DPDP Act 2023?

Who does DPDP Act 2023 apply to?

DPDP Act 2023 applies to data fiduciaries, data processors, consent managers, significant data fiduciaries, Data Protection Board of India.

How many obligations does DPDP Act 2023 contain?

AuditDSS has decomposed DPDP Act 2023 into 183 atomic obligations from 19 rules. Each obligation is independently testable and risk-scored.

What are the key requirements of DPDP Act 2023?

The key requirements include: consent-based processing, notice to data principals, data principal rights, data fiduciary obligations, children's data protection, cross-border transfer restrictions, breach notification, penalty framework up to INR 250 crore.

How can I assess my DPDP Act 2023 compliance?

Upload your compliance policy to AuditDSS. The platform maps your document against all 183 DPDP Act 2023 obligations using deterministic AI scoring — not checklists or LLM summaries. You get a risk-scored gap analysis showing exactly which obligations are covered, partially covered, or missing.

Which jurisdiction enforces DPDP Act 2023?

DPDP Act 2023 is enforced in India by Data Protection Board of India.

When did DPDP Act 2023 come into effect?

DPDP Act 2023 became effective on August 11, 2023.

What industry does DPDP Act 2023 apply to?

DPDP Act 2023 is primarily relevant to the Medical Devices & Diagnostics industry. AuditDSS covers 64 regulations in this industry sector.

Build a DPDP Act 2023 compliance pack

Don't have a compliance policy yet? AuditDSS generates a complete compliance pack for DPDP Act 2023 — alone or combined with other regulations your business needs. Every clause is mapped to specific obligations.

Policy

High-level commitments and governance framework covering DPDP Act 2023 requirements.

Procedures

Step-by-step operational procedures to implement each policy commitment.

Forms & checklists

Ready-to-use forms, registers, and checklists for day-to-day compliance operations.

Multi-regulation

Combine DPDP Act 2023 with other regulations into a single unified compliance pack for your business.

Build DPDP Act 2023 compliance pack

Already have a policy? Assess it against DPDP Act 2023

Upload your document

Upload your compliance policy, program manual, or operational document. AuditDSS accepts any text-based document.

AI maps against 183 obligations

Your document is scored against every obligation in DPDP Act 2023. Each claim is mapped to the obligation tree and evaluated for coverage.

Risk-scored gap report

Receive every gap ranked by risk priority with remediation guidance, enforcement evidence, and cascade impact analysis.