Resources & Support

Everything you need to understand and exercise your data rights

E-Commerce Account Takeover

An online retailer collects your address without consent

Applicable Rights:

Right to Clear NoticeRight to Withdraw ConsentRight to Erasure

Action: Request they provide notice and delete unauthorized data

Gaming Account for Child

Game collects child data without parental consent

Applicable Rights:

Children's Data ProtectionRight to Withdraw Consent

Action: Contact Data Protection Board for unauthorized collection

Social Media Data Breach

Platform suffers breach exposing millions of accounts

Applicable Rights:

Right to Clear NoticeRight to Grievance Redressal (possible penalties via Board)

Action: If the company fails to notify affected users without delay and/or fails to report the breach to the Data Protection Board within 72 hours, you may submit a grievance to the Board.

Note: The 72-hour deadline applies to the Data Protection Board; user notification must happen without undue delay.

Incorrect Credit Report

Financial institution has wrong information about you

Applicable Rights:

Right to CorrectionRight to Access

Action: Request correction and get updated documents

DPDP Act, 2023 and its Rules, 2025 – India’s digital personal data protection framework

Key definitions and terms from the official legal text.
Note: Offline personal data is not covered by the Rules — only digital personal data is within scope.

Personal Data

Any data about an individual who is identifiable by or in relation to such data.

Consent

Free, specific, informed, unconditional and unambiguous indication of wishes by which the Data Principal agrees to the processing of her personal data.

Data Principal

The individual to whom the personal data relates. Includes parents/guardians for children and persons with disabilities.

Data Fiduciary

Any person who alone or in conjunction with other persons determines the purpose and means of processing of personal data.

Data Processor

Any person who processes personal data on behalf of a Data Fiduciary.

Data Breach

Unauthorized access, disclosure, or loss of personal data

DPDP Rules

Digital Personal Data Protection Rules, 2025 - India's data privacy law

Right to Erasure

Your right to request permanent deletion of your personal data

Significant Data Fiduciary

A Data Fiduciary designated by the Central Government based on volume/sensitivity of data or risk of harm.

Consent Manager

A person registered with the Board who enables a Data Principal to give, manage, review and withdraw consent through an accessible platform.

Data Protection Board

The Board established by the Central Government under section 18 of the Act to adjudicate disputes and enforce the law.

Personal Data Breach

A breach of digital personal data under the control of a Data Fiduciary that leads to, or is likely to lead to, harm to a Data Principal (Rule 2(1)(n)).

Verifiable Parental Consent

Consent obtained from the parent or lawful guardian of a child (under 18 years) or person with disability.