Blog & updates
DPDP, in plain English.
News, deadline reminders and guides for Indian website owners working through the DPDP Act.
Showing 13–17 of 17
Page 3 of 3
- Guide
Section 6 of the DPDP Act — how to actually implement "withdraw as easy as give"
Section 6 says withdrawing consent must be as easy as giving it. In practice, that breaks 9 out of 10 Indian websites. Here's the exact UX, the API surface, and the audit-log fields you need.
Read article
- Guide
The 72-hour breach report — a template for Indian Data Fiduciaries
Under the Rules, a detailed breach report to the Data Protection Board has to land within 72 hours. Here is a template, and the playbook for getting it filed without panicking.
Read article
- Update
DPDP Rules 2025 are notified — what actually changed for your website
MeitY notified the DPDP Rules on 13-14 November 2025 with an 18-month phased rollout. Here's a plain-English walk-through of what's new and what you should do this month.
Read article
- Guide
How to write a DPDP-style consent notice (with a template)
A DPDP consent notice is not a privacy policy. It is a specific, itemised list of what you collect, why, and how rights can be exercised. Here is what good looks like.
Read article
- Guide
Five cookie-consent dark patterns you have to stop using
A surprising number of Indian websites still use confused consent — pre-ticked boxes, hard-to-find reject buttons, "agree" buttons styled as the only choice. They are all DPDP risks.
Read article