Over 6,900 inputs received on Draft Digital Personal Data Protection rules 2025 from citizens and stakeholders

The Government of India is intensifying its push for data privacy and digital security with the rollout of the Digital Personal Data Protection (DPDP) Act, 2023, and the introduction of the draft rules for 2025, now open for public consultation.

These measures are designed to safeguard the digital personal data of citizens while ensuring lawful and accountable data processing practices by organizations.

Also Read: Parliamentary Committee raises concern with MeitY over DPDP Act implementation lag

The DPDP Act, 2023, lays down a robust framework to protect individuals' data rights, requiring data fiduciaries - entities that possess personal data - to implement reasonable security safeguards.

To operationalize the law, the government released the Draft Digital Personal Data Protection Rules, 2025, which have already attracted 6,915 responses from stakeholders and citizens, reflecting strong public engagement.

As part of its broader mission to create a safe, trusted, and accountable cyberspace, the government is also focusing heavily on capacity building and public awareness.

Initiatives under this strategy include:

- Cyber Security Awareness Month and Safer Internet Day campaigns to educate users on safe digital practices.

- CyberShakti, launched in October 2024, is building a skilled women workforce in the cybersecurity domain.

- The Information Security Education and Awareness (ISEA) programme has conducted over 3,637 workshops, impacting more than 8.2 lakh individuals, including students, law enforcement, and government officials.

- Awareness resources are available in multiple languages through platforms like www.staysafeonline.in, www.infosecawareness.in, and www.csk.gov.in, with materials covering deepfakes, secure transactions, and cyber hygiene.

In terms of infrastructure and institutional measures, several national agencies and policies are in place to monitor and counter cyber threats:

- The National Critical Information Infrastructure Protection Centre (NCIIPC) ensures protection of vital digital systems.

- The Indian Computer Emergency Response Team (CERT-In), the nodal agency for cyber incident response, issues frequent advisories on new threats and mitigation strategies.

- The National Cyber Coordination Centre (NCCC) helps detect and coordinate responses to threats across agencies.

- The Cyber Swachhta Kendra (CSK), a botnet cleaning and malware analysis centre, empowers citizens and organisations to detect and remove malicious software, while offering cyber hygiene best practices.

- The National Cyber Security Coordinator (NCSC) ensures policy alignment and coordination across sectors.

In addition, the government continues to enforce the IT (Reasonable Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, ensuring that organisations handling sensitive data adhere to prescribed security protocols.

Also Read: Decoding India’s DPDP rules: What businesses need to know and do

Also Read: India set to revolutionize data privacy with real-time consent system under DPDP Act