EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
Recent Searches
Digital Data Protection Act rules notified by MEITY | Key highlights
The much-awaited Digital Personal Data Protection Act (DPDP Act) along with its Rules have been notified on 13 November 2025 by Ministry of Electronics & Information Technology (MEIT). These Rules provide guidance and clarification for operationalization of the DPDP Act 2023 and will come into force in a staggered approach.
Call to action is to immediately create the Data Protection Board (DPB), appoint Chairman and other members for ensuring governance and oversight. DPB will function as a digital office, notwithstanding their power to summon, examine on oath and adopt other techno-legal measures.
Interestingly, the definition of a “User Account” encompasses virtually all forms of a Data Principals’ online presence. Effective immediately, any online account registered by a Data Principal with a Data Fiduciary - including profiles, pages, handles, email address, mobile number and other similar presences, will fall under the purview of the DPDP Act and Rules.
Attached is a placemat providing key highlights of the Act and Rules, for your reference. Given the significant impact of the aforesaid regulation, it will be imperative for business entities to evaluate their technical & operational readiness to ensure compliance with this enacted law.
For further details, please contact:
Rajiv Chugh
Partner & National Leader – Policy Advisory & Speciality Services
Email: rajiv.chugh@in.ey.com
Ritika Loganey Gupta
Partner – Policy Advisory & Speciality Services
Email: ritika.gupta@in.ey.com