The Digital Personal Data Protection Act (DPDPA) cannot be retrospective in nature, implying that its provisions will apply only to future instances of data processing and not to breaches or practices that occurred before the rules come into force, said Deepak Goel, Ministry of Electronics & Information Technology, Government of India.
Speaking to Moneycontrol in the sidelines at the Global Fintech Fest 2025, he said, while he cannot comment on the specific rules of the Act, he confirmed that the nature of the Act will not be retrospective in nature.
Several industry leaders that Moneycontrol spoke to in the past said they expect the rules of the Act to be put in place by November 2025. However, Goel remained tight lipped on the timeline.
The DPDPA, 2023, which received Presidential assent in August last year, lays down the framework for processing digital personal data in India and aims to safeguard individuals’ privacy while balancing business needs.
Although the Act is in place, the rules under it are yet to be notified, leaving several compliance and enforcement aspects unclear.
The clarification comes at a time when the insurance sector has witnessed multiple instances of data breaches, prompting concerns over the preparedness of financial institutions to comply with the upcoming law.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
