DPDP deadline: 10-35% readiness gap pushes Indian organizations to adopt Consent Managers for data governance
As employees and candidates become more aware of their rights, experts expect a rise in consent withdrawal requests and disputes.
ADVERTISEMENT
India’s Digital Personal Data Protection Act is set to reshape the hiring ecosystem, and the biggest shift lies in the rise of Consent Managers. These independently incorporated intermediaries will sit between jobseekers, employers, job platforms, and HR vendors, forcing a complete redesign of how candidate information moves during sourcing, screening, and onboarding.
But the DPDP rollout has revealed a deeper and more uncomfortable reality: India’s hiring and HR infrastructure is massively underprepared for the new compliance era. Across leading platforms and staffing firms, experts estimate that only 10 to 35 percent of Indian organisations are currently DPDP-ready in terms of immutable audit trails, consent logs, and long-term record retention.
Candidate data flows enter a controlled ecosystem
The introduction of Consent Managers will be most visible in how candidate data flows. For years, hiring in India has relied on forwarded CVs, outdated resume banks, informal referrals, and ad hoc data sharing across agencies and teams. Anupama Bhimrajka, VP of Marketing at foundit, says this era is ending. “Every flow of candidate data will shift from open-ended systems to a permission-based ecosystem where jobseekers explicitly control who sees their information, for what purpose, and for how long,” she explains. She believes that activities such as resume parsing, assessments, communication, and background checks will no longer hide under blanket consents. Instead, each action will require its own purpose-defined approval, creating a more ethical and rights-centered hiring environment.
Consent logs replace the old CV-to-ATS pipeline
Sarbojit Mallick, co-founder of Instahyre, describes the shift as a structural redesign. “Consent Managers will add a crucial and auditable consent step, turning candidate data flows into paths that capture, log, and verify consent explicitly before any processing,” he says. Recruiters accustomed to simple CV-to-ATS workflows will now operate within governed, transparent data pipelines, with every movement recorded for compliance. Sachin Alug, CEO of NLB Services, adds that the introduction of Consent Managers will create an additional checkpoint during screening, particularly for background verification and external assessments. He notes that the core sourcing mechanisms will remain intact, but consent-driven stages will now require clearer communication and tighter alignment with candidates.
Will hiring slow down? Experts disagree
The question of whether hiring cycles will slow down has sparked mixed views. Mallick expects a temporary slowdown of around 10 to 15 percent as external consent routing introduces new handshakes. He believes the friction will ease as automated triggers and integrations mature over three to six months. Alug, meanwhile, says that the overall impact will vary because many HR processes fall under legitimate use and do not require repeated consent. Broader market cycles, he argues, will continue to influence hiring far more than compliance workflows.
Bhimrajka takes the opposite view, saying that once integrated, Consent Managers will actually speed up hiring. In her view, consent-driven databases mean recruiters will stop wasting time on outdated or disengaged profiles. “Recruiters will access fresher, actively consenting talent pools that convert faster,” she says, adding that automated approvals and cleaner communication logs will reduce back-and-forth and make closures more predictable.
Only 10–35 percent of Indian organisations are DPDP-ready
While the compliance shift is underway, the industry’s readiness gap is stark. Bhimrajka estimates that only 10 to 15 percent of Indian organisations can currently be considered fully DPDP-ready. Mallick places the figure higher, at 25 to 35 percent, largely concentrated in regulated sectors. Alug’s estimate stands at around 20 to 22 percent. Across these assessments, a common picture emerges: large enterprises in BFSI, telecom, and IT services are ahead, while the vast majority of mid-sized firms, SMEs, and traditional industries lack the audit trails, retention systems, and infrastructure needed for full compliance. Even among prepared companies, much of the readiness exists on paper, not in fully operational workflows.
Consent withdrawal will rise, but so will clarity
As employees and candidates become more aware of their rights, experts expect a rise in consent withdrawal requests and disputes. Alug says organisations should prepare for more grievances, especially in areas where consent was taken out of convenience rather than necessity. He notes that legitimate grounds such as payroll or performance reviews will remain unaffected, but any activity dependent on explicit consent could face hurdles.
Mallick expects disputes to rise by as much as 20 to 30 percent, noting that verification discrepancies have already gone up. Bhimrajka frames the change more optimistically. She argues that withdrawal mechanisms will not create instability, but clarity. “Today, drop-offs happen silently. With a formal withdrawal mechanism, exits become deliberate, time-stamped actions, not guesswork,” she says. This visibility, she believes, will actually reduce wasted recruiter effort and allow teams to focus on high-intent candidates.
Consent Managers will not replace HRMS, but they will pressure them to evolve
The rise of Consent Managers has also sparked questions about whether they will reduce the centrality of HRMS platforms. Alug disagrees with this concern, stating that HRMS systems will remain the primary environment for employee data, payroll, attendance, and performance. Consent Managers will operate alongside them, managing the governance layer rather than the operational one. Bhimrajka echoes this, noting that HRMS vendors will now be pushed to evolve. Those that can integrate consent APIs, revocation workflows, and immutable audit logs will gain a significant advantage. Mallick believes HRMS systems will see a redistribution of responsibilities, with consent and audit-heavy functions shifting to Consent Managers, while core workflows remain within HRMS.
A two-year countdown to India’s new data order
The road ahead will require both cultural and infrastructural evolution. Bhimrajka predicts that by 2027, around 60 to 70 percent of large firms and 30 to 40 percent of mid-sized companies will achieve full DPDP operational readiness. This includes automated consent workflows, retention policies, revocation systems, and compliant data-sharing frameworks across vendors. In her view, compliance will no longer be a checkbox exercise but a marker of trust and accountability in the hiring market. Companies that move early, she says, will differentiate themselves in talent attraction and retention.
India’s hiring ecosystem is entering a new era where candidate data rights, not legacy databases, determine the power dynamics of recruitment. Consent Managers will fundamentally rewrite how information is collected, reused, and governed. But with a majority of the industry still unprepared for DPDP’s audit-heavy future, the next two years will become a decisive countdown. Those who overhaul their systems now will emerge as trust-first employers. Those who do not may find themselves struggling to compete in India’s new consent-driven data order.
