Consent Manager vs Consent Management Platform: The DPDP Act Distinction
A Consent Manager is a registered legal entity. A consent management platform is software. The DPDP Act treats them differently, and so should your budget.
DPDP Intelligence
Practical guidance for compliance teams navigating India's DPDP Act 2023. Every article is structured for implementation, not comprehension theatre.
Free DPDP Tools
Score your position across five compliance areas and receive a PDF report in minutes.
Open toolWork through 26 controls mapped to the DPDP Act, tracked in your browser.
Open toolModel your exposure across the stacking DPDP penalty tiers.
Open toolEnforcement milestones, rule notifications, and deadline analysis.
One email when it matters, no more.
A Consent Manager is a registered legal entity. A consent management platform is software. The DPDP Act treats them differently, and so should your budget.
The DPDP Rules 2025 were notified on 13 November 2025. What is in force now, what starts in November 2026, and what waits for May 2027. Status as of July 2026.
What DPDP Act 2023 compliance actually costs an Indian business in 2026, by company size: software, implementation, audit, DPO, and ongoing operations.
Step-by-step guide to Consent Manager registration under the DPDP Act: eligibility, the Rs 2 crore net worth gate, documents, and the application process.
The NHA Health Data Management Policy mandates 8-year patient record retention. The DPDP Act grants erasure rights. How hospitals resolve the conflict, fix admission consent, and govern ABDM data.
Bundled consent, a single accept-all checkbox covering every purpose, fails Section 6 of the DPDP Act 2023. This is why it is non-compliant, what counts as a dark pattern, and how to redesign the flow into purpose-separated consent.
Eight DPDP compliance platforms compared by buyer type: Privy, Consentin, Perfios, CookieYes, KavachOne, Complynz, OneTrust, ConsentOS. Pick by obligation, not by feature list.
RBI requires 5-year KYC retention. The DPDP Act grants erasure rights. Section 8(7) decides which wins. How banks resolve the conflict field by field.
The RBI Business Conduct Directions on consent took effect July 1, 2026. What banks and NBFCs must already have in place, alongside Advisory 3/2026.
Most SaaS companies are both: Data Fiduciary for their own customer data, Data Processor for client data. What each role demands under the DPDP Act 2023.
MeitY proposed in January 2026 to compress the Significant Data Fiduciary compliance window from 18 months to 12 months. If gazetted, large-volume data processors face a November 2026 deadline, not May 2027. Here is what SDF status means and how to know if it applies to your organisation.
How NBFCs reconcile DPDP Act 2023 with RBI KYC retention, PMLA record-keeping, CIBIL consent and FIU-IND reporting. Legal Obligation Override explained.
The RBI and PMLA mandate five-year KYC retention. The DPDP Act requires erasure on request. For Indian fintechs and NBFCs, these obligations are in direct conflict. This article explains the Legal Obligation Override framework that resolves both simultaneously.
Step-by-step guide to auditing and documenting personal data flows for India's DPDP Act. The data inventory is the foundation of every DPDP compliance programme.
How a fintech complies with the DPDP Act 2023: data inventory across payment flows, purpose-specific consent, security safeguards, and breach readiness, alongside RBI data localisation mandates.
How the DPDP Act 2023 affects e-commerce operations in India, from cookie consent and marketing communications to cross-border data transfers and customer rights.
How the DPDP Act 2023 applies to health data processing, ABDM interoperability, telemedicine platforms, and clinical trial consent requirements in India.
A practical guide to DPDP Act 2023 penalty tiers, how penalties are calculated, and how to use risk assessment to quantify your organisation's exposure.
Yes. The DPDP Act 2023 omits IT Act 2000 Section 43A and supersedes the SPDI Rules 2011. What changes for your consent, penalties, and obligations.
A DPDP Act 2023 privacy notice in all 22 Eighth Schedule languages: required disclosures, purpose, rights, grievance contact. Compliant template included.
The DPDP Act 2023 makes consent the legal foundation for data processing. This is what valid consent requires, how withdrawal works, and what your systems must support.
Access, correction, erasure, grievance, and nominee rights under the DPDP Act 2023: the response deadlines a Data Fiduciary must meet, with ready-to-use request templates.
The DPDP Act imposes 7 obligations on every Data Fiduciary, with penalties reaching ₹250 crore at the top tier. What each obligation requires, section by section.
India's Digital Personal Data Protection Act 2023 decoded: 7 obligations for every Data Fiduciary, 8 rights for Data Principals, penalties up to ₹250 crore.
Every breach must reach the Data Protection Board in 72 hours and CERT-In in 6. No materiality threshold. The penalty for missed notification: ₹200 crore.
Audit your DPDP Act 2023 posture against 43 controls, then sequence remediation across five months to the November 2026 Consent Manager deadline.
₹200 crore per violation. Section 9 of the DPDP Act bans tracking, behavioural profiling, and targeted ads aimed at under-18s, even with parental consent, and requires verifiable parental consent before any processing begins.
A breakdown of every penalty provision in the DPDP Act 2023. Understand the financial exposure, the enforcement mechanism, and what triggers each penalty tier.
Most companies do not need to register. Who does, the 13 November 2026 deadline, the Rs 2 crore net worth test, and what Sections 6(7) to 6(9) require.
Every DPDP Act date: Rules notified Nov 2025, Consent Manager registration Nov 2026, penalty enforcement May 2027. Plan your compliance timeline.
Both laws protect personal data. They differ in scope, consent models, penalty structures, and cross-border transfer rules. This is what multinational companies operating in India need to know.
SDF designation under Section 10 of the DPDP Act triggers a DPO in India, data protection impact assessments, and independent audits. Who qualifies and how to prepare.
Structured approach to building a data protection program that meets India's DPDP Act 2023 requirements. From gap assessment through operational compliance in 90 days.