Updated on 14th November 2025, 10:42 AM
Author
Aditi Singh | Whalesbook News Team
India's government has finalized the Digital Personal Data Protection Rules, 2025, with a phased implementation starting now. Key changes include separate rules for children's and disabled persons' data, and a significant new mandate requiring businesses to retain all personal data, traffic data, and logs for at least one year, even after account deletion.
The Central government has officially notified the Digital Personal Data Protection Rules, 2025. While some provisions like definitions and the Data Protection Board structure are effective immediately (November 13, 2025), others have staggered start dates. Consent manager rules begin in November 2026, and the core compliance requirements, including notices and data security, will take effect in May 2027. A notable departure from the draft rules is the separation of provisions for children's data consent (Rule 10) and consent for persons with disabilities (Rule 11). The rules also clarify the national security non-disclosure clause.
The most impactful change is the new Rule 8(3), which mandates a compulsory one-year retention of all personal data, traffic data, and logs generated during any processing activity. This applies universally, even after a user deletes their account or data, and is intended for oversight and investigation purposes. This significantly expands retention obligations beyond what was in the draft.
Impact
This new regulation will impose substantial compliance burdens on businesses operating in India, particularly concerning data storage, management, and security. Companies will face increased operational costs and potential liabilities related to data handling and retention. The strict retention period means more data to secure and manage, impacting digital infrastructure and cybersecurity strategies. Data fiduciaries must adapt their systems to comply with these extended storage requirements, potentially facing penalties for non-compliance.
Rating: 8/10.
Difficult Terms:
Data Fiduciary: An entity that determines the purpose and means of processing personal data.
Data Principal: The individual whose personal data is processed.
Consent Manager: A regulated entity that facilitates obtaining and managing consent for data processing.
Data Protection Board (DPB): The regulatory body responsible for enforcing data protection laws.