The Digital Personal Data Protection Act, 2023 ('the DPDP') is a landmark legislation aimed at transforming India's data landscape. It introduces significant penalties (upto INR 250 crore or US$ 30 million) for non-compliance, garnering widespread attention. The DPDP was enacted by both houses of Parliament and received assent from the Honorable President of India in August 2023. The Union Government of India (‘the Government’) is refining the rules for the DPDP to address specific administrative aspects.

The DPDP mandates that individuals under 18 years of age be classified as children, requiring explicit parental consent for the collection and processing of their data by internet intermediaries (also known as data fiduciaries). The Government is addressing specific reservations on the effectiveness of the usage of Digi-Locker or one-time electronic tokens in the context of rapid technological advancements, particularly for age verification on social media and personal communication platforms. These aspects have also been the subject matter of deliberations, with stakeholders from the industry expressing concerns over privacy and the practicality of age verification methods.

The rules are expected to (a) introduce additional safeguards for citizen privacy while curbing baseless complaints; (b) outline methods for determining user age for parental consent; and (c) detail the enforcement mechanism and the Data Protection Board. The forthcoming public consultation on the draft rules represents a critical phase in the implementation process. Government officials have emphasized that their strategy will continue to be consultative and measured; and aim for simplicity in the rule's language to avoid disruptions and deviations from the DPDP.

We will keep you posted of the developments and can be reached at contactus@mgcglobal.co.in to provide any clarifications and/or discuss your specific requirements.

Best regards

Markets Team

MGC Global Risk Advisory

About MGC Global Risk Advisory 

Recognized as one of the '10 most promising risk advisory services firms' in 2017, as the 'Company of the Year' in 2018 &, 2019 (both in the category of risk advisory services), one of the 'Top Exceptional Companies to Work For' in 2020, amongst the 'Top 25 Customer Centric Companies' in 2020, 'The Consultant of the year' in 2021 (in the category of risk advisory services), 'Top Exceptional Leaders in Risk Advisory Services' in 2023 and 'Best place to work' in 2024; MGC Global is an independent member firm of Allinial Global.

MGC Global provides services in the areas of enterprise-wide risk management, forensic, internal audits, control assessments (SOC, IFCR & SOX), process re-engineering, governance frameworks, privacy & data protection (including GDPR & DPDP), IT risk advisory, GDPR, VAPT, ISO readiness, cyber security, vCISO, accounting advisory, forensic, ESG & CSR services.

Our firm has the capabilities to service its clients through its offices in Bengaluru, Mumbai, NCR; and has service arrangements with associate firms in all major cities in India.

About Allinial Global

Allinial Global (formerly PKF North America) is currently the world's second-largest member-based association. With collective revenues to the tune of approximately US$ 6 billion, Allinial Global has dedicated itself to the success of independent accounting and consulting firms since its founding in 1969. 



It currently has member firms in over 105 countries, who have over 28,000 professional staff and over 6,000 partners operating from nearly 700 offices across the globe.

Allinial Global provides its member firms with a broad array of resources and support that benefit both its member firms and their clients in the key impact areas of learning & development, human resources, international outreach, technical support, knowledge-sharing through its specialized communities of practice, information technology and practice management.