DPDP Primer

DPDP Primer

DPDP Primer

A Practical Guide to India’s Data Protection Act

A Practical Guide to India’s Data Protection Act

From Policy to Practice: The Definitive Roadmap for DPDP Compliance

From Policy to Practice: The Definitive Roadmap for DPDP Compliance

From Policy to Practice: The Definitive Roadmap for DPDP Compliance

India’s Digital Personal Data Protection (DPDP) Act, 2023, and the accompanying 2025 Rules have established a new standard for data governance. Compliance now requires more than just legal documentation; it demands demonstrable evidence, active workflows, and robust technical controls.

India’s Digital Personal Data Protection (DPDP) Act, 2023, and the accompanying 2025 Rules have established a new standard for data governance. Compliance now requires more than just legal documentation; it demands demonstrable evidence, active workflows, and robust technical controls.

Published by the DPO Club, The DPDP Primer is an implementation guide designed for professionals tasked with translating legal requirements into operational actions. It moves beyond theoretical commentary to provide a practical framework for day-to-day decision-making.

Published by the DPO Club, The DPDP Primer is an implementation guide designed for professionals tasked with translating legal requirements into operational actions. It moves beyond theoretical commentary to provide a practical framework for day-to-day decision-making.

Authors

  • Col. Binoj Koshy

    Vice President - Tsaaro Cyber, Tsaaro Consulting

    Colonel Binoj Koshy, Vice President of Tsaaro Cyber, brings three decades of distinguished leadership from the Indian Army and UIDAI. A privacy evangelist and cybersecurity expert, he specializes in India's DPDP Law, digital transformation, and building robust systems to proactively counter emerging cyber threats.

  • Col. Binoj Koshy

    Vice President - Tsaaro Cyber, Tsaaro Consulting

    Colonel Binoj Koshy, Vice President of Tsaaro Cyber, brings three decades of distinguished leadership from the Indian Army and UIDAI. A privacy evangelist and cybersecurity expert, he specializes in India's DPDP Law, digital transformation, and building robust systems to proactively counter emerging cyber threats.

  • Supratim Chakraborty

    Partner, Khaitan & Co

    Supratim, Partner and Co-lead of Privacy and Data Protection at Khaitan & Co, is an award-winning technology lawyer. Recognized in the ET 40 Under 40, he directly advised the Government of India on the DPDP Act 2023 and routinely guides global corporations on privacy compliance and risk mitigation.

  • Supratim Chakraborty

    Partner, Khaitan & Co

    Supratim, Partner and Co-lead of Privacy and Data Protection at Khaitan & Co, is an award-winning technology lawyer. Recognized in the ET 40 Under 40, he directly advised the Government of India on the DPDP Act 2023 and routinely guides global corporations on privacy compliance and risk mitigation.

  • Sajai Singh

    Partner, J. Sagar Associates

    Sajai is an acclaimed transactional lawyer with over 32 years of experience guiding overseas investments into India. His broad practice focuses on cross-border M&A, joint ventures, and financings. He provides comprehensive solutions that seamlessly bridge complex legal, technical, and commercial challenges across diverse industries.

  • Sajai Singh

    Partner, J. Sagar Associates

    Sajai is an acclaimed transactional lawyer with over 32 years of experience guiding overseas investments into India. His broad practice focuses on cross-border M&A, joint ventures, and financings. He provides comprehensive solutions that seamlessly bridge complex legal, technical, and commercial challenges across diverse industries.

  • Rohan Bagai

    Senior Partner, AZB & Partners

    Rohan Bagai, Senior Partner at AZB & Partners, leverages 18+ years of TMT experience focusing on Privacy, Fintech, and AI. Highly ranked in global legal directories, he leads large-scale DPDP compliance programs and advises top financial institutions on complex data governance, AI privacy, and enforcement matters.

  • Rohan Bagai

    Senior Partner, AZB & Partners

    Rohan Bagai, Senior Partner at AZB & Partners, leverages 18+ years of TMT experience focusing on Privacy, Fintech, and AI. Highly ranked in global legal directories, he leads large-scale DPDP compliance programs and advises top financial institutions on complex data governance, AI privacy, and enforcement matters.

  • Lalit Kumar

    Principal Security Architect, Amazon Web Services (AWS)

    Lalit Kumar, a distinguished AWS security leader with over 20 years of experience, drives enterprise digital transformation. Partnering with CxOs across sectors, he navigates complex regulatory landscapes, leveraging proven expertise in cloud architecture and capacity building to secure Critical Information Infrastructure.

  • Lalit Kumar

    Principal Security Architect, Amazon Web Services (AWS)

    Lalit Kumar, a distinguished AWS security leader with over 20 years of experience, drives enterprise digital transformation. Partnering with CxOs across sectors, he navigates complex regulatory landscapes, leveraging proven expertise in cloud architecture and capacity building to secure Critical Information Infrastructure.

  • Himanshu Gautam

    Founder & CEO, GoTrust

    Himanshu, a technology leader with 18 years of experience, drives digital transformation and product innovation. Leading ventures like GoTrust and AppVin Technologies, he builds scalable platforms that automate data privacy workflows and global compliance, empowering organizations to foster trust and operational efficiency in a secure digital ecosystem.

  • Himanshu Gautam

    Founder & CEO, GoTrust

    Himanshu, a technology leader with 18 years of experience, drives digital transformation and product innovation. Leading ventures like GoTrust and AppVin Technologies, he builds scalable platforms that automate data privacy workflows and global compliance, empowering organizations to foster trust and operational efficiency in a secure digital ecosystem.

  • Kapil Chaudhary

    Partner, Dentons Link Legal

    Kapil Chaudhary, TMT Partner at Dentons Link Legal, leverages over 25 years of experience, including leadership roles at IBM and Twitter. He specializes in AI governance, cybersecurity, and digital regulation, providing global boards and CEOs with practical, operator-led guidance to navigate complex legal challenges and foster sustainable innovation.

  • Kapil Chaudhary

    Partner, Dentons Link Legal

    Kapil Chaudhary, TMT Partner at Dentons Link Legal, leverages over 25 years of experience, including leadership roles at IBM and Twitter. He specializes in AI governance, cybersecurity, and digital regulation, providing global boards and CEOs with practical, operator-led guidance to navigate complex legal challenges and foster sustainable innovation.

  • Dhruv Suri

    Partner, PSA

    Dhruv Suri, Partner at PSA, leads the TMT and Disputes practices. An award-winning tech-law practitioner with an LL.M. from Columbia, he specializes in data privacy, AI governance, and technology disputes. He advises global leaders across diverse sectors and actively shapes AI policy on the Advisory Board of ContentLens.ai.

  • Dhruv Suri

    Partner, PSA

    Dhruv Suri, Partner at PSA, leads the TMT and Disputes practices. An award-winning tech-law practitioner with an LL.M. from Columbia, he specializes in data privacy, AI governance, and technology disputes. He advises global leaders across diverse sectors and actively shapes AI policy on the Advisory Board of ContentLens.ai.

  • Ashish Adhikari

    Principal PM Manager, Microsoft

    Ashish brings over 27 years of global engineering and consulting experience to the cybersecurity landscape. Currently at Microsoft Security, he builds software to safeguard the digital economy. An accomplished author and collaborator with governments and universities, he specializes in digital transformation risks and India's DPDP Act.

  • Ashish Adhikari

    Principal PM Manager, Microsoft

    Ashish brings over 27 years of global engineering and consulting experience to the cybersecurity landscape. Currently at Microsoft Security, he builds software to safeguard the digital economy. An accomplished author and collaborator with governments and universities, he specializes in digital transformation risks and India's DPDP Act.

  • Anshu Singal

    Data Protection Officer

    Anshu Singal brings over 22 years of expertise in building robust IT GRC and compliance functions for startups and agile organizations. A strategic leader specializing in global privacy frameworks, she notably represented Yatra in high-level government discussions shaping India's e-commerce and data protection policies.

  • Anshu Singal

    Data Protection Officer

    Anshu Singal brings over 22 years of expertise in building robust IT GRC and compliance functions for startups and agile organizations. A strategic leader specializing in global privacy frameworks, she notably represented Yatra in high-level government discussions shaping India's e-commerce and data protection policies.

  • Anindya Majumdar

    Eureka Forbes

    Anindya Majumdar, General Counsel & DPO at Eureka Forbes, is an accomplished legal expert with an LL.M. in Corporate Law. Leveraging senior experience from Honeywell and Reliance, he specializes in data privacy compliance, litigation, and blending legal strategy with business acumen to drive organizational resilience.

  • Anindya Majumdar

    Eureka Forbes

    Anindya Majumdar, General Counsel & DPO at Eureka Forbes, is an accomplished legal expert with an LL.M. in Corporate Law. Leveraging senior experience from Honeywell and Reliance, he specializes in data privacy compliance, litigation, and blending legal strategy with business acumen to drive organizational resilience.

  • Akarsh Singh A

    CEO, Tsaaro Consulting

    Akarsh Singh A., CEO and Co-founder of Tsaaro Consulting, leverages over seven years of privacy and cybersecurity expertise. An IAPP Bangalore Co-Chair and former KPMG professional, he guides global enterprises through GDPR and DPDPA compliance using practical, outcomes-led governance frameworks and his PrivacyCast podcast.

  • Akarsh Singh A

    CEO, Tsaaro Consulting

    Akarsh Singh A., CEO and Co-founder of Tsaaro Consulting, leverages over seven years of privacy and cybersecurity expertise. An IAPP Bangalore Co-Chair and former KPMG professional, he guides global enterprises through GDPR and DPDPA compliance using practical, outcomes-led governance frameworks and his PrivacyCast podcast.

  • Col. Binoj Koshy

    Vice President - Tsaaro Cyber, Tsaaro Consulting

    Colonel Binoj Koshy, Vice President of Tsaaro Cyber, brings three decades of distinguished leadership from the Indian Army and UIDAI. A privacy evangelist and cybersecurity expert, he specializes in India's DPDP Law, digital transformation, and building robust systems to proactively counter emerging cyber threats.

  • Supratim Chakraborty

    Partner, Khaitan & Co

    Supratim, Partner and Co-lead of Privacy and Data Protection at Khaitan & Co, is an award-winning technology lawyer. Recognized in the ET 40 Under 40, he directly advised the Government of India on the DPDP Act 2023 and routinely guides global corporations on privacy compliance and risk mitigation.

  • Sajai Singh

    Partner, J. Sagar Associates

    Sajai is an acclaimed transactional lawyer with over 32 years of experience guiding overseas investments into India. His broad practice focuses on cross-border M&A, joint ventures, and financings. He provides comprehensive solutions that seamlessly bridge complex legal, technical, and commercial challenges across diverse industries.

  • Rohan Bagai

    Senior Partner, AZB & Partners

    Rohan Bagai, Senior Partner at AZB & Partners, leverages 18+ years of TMT experience focusing on Privacy, Fintech, and AI. Highly ranked in global legal directories, he leads large-scale DPDP compliance programs and advises top financial institutions on complex data governance, AI privacy, and enforcement matters.

  • Lalit Kumar

    Principal Security Architect, Amazon Web Services (AWS)

    Lalit Kumar, a distinguished AWS security leader with over 20 years of experience, drives enterprise digital transformation. Partnering with CxOs across sectors, he navigates complex regulatory landscapes, leveraging proven expertise in cloud architecture and capacity building to secure Critical Information Infrastructure.

  • Himanshu Gautam

    Founder & CEO, GoTrust

    Himanshu, a technology leader with 18 years of experience, drives digital transformation and product innovation. Leading ventures like GoTrust and AppVin Technologies, he builds scalable platforms that automate data privacy workflows and global compliance, empowering organizations to foster trust and operational efficiency in a secure digital ecosystem.

  • Kapil Chaudhary

    Partner, Dentons Link Legal

    Kapil Chaudhary, TMT Partner at Dentons Link Legal, leverages over 25 years of experience, including leadership roles at IBM and Twitter. He specializes in AI governance, cybersecurity, and digital regulation, providing global boards and CEOs with practical, operator-led guidance to navigate complex legal challenges and foster sustainable innovation.

  • Dhruv Suri

    Partner, PSA

    Dhruv Suri, Partner at PSA, leads the TMT and Disputes practices. An award-winning tech-law practitioner with an LL.M. from Columbia, he specializes in data privacy, AI governance, and technology disputes. He advises global leaders across diverse sectors and actively shapes AI policy on the Advisory Board of ContentLens.ai.

  • Ashish Adhikari

    Principal PM Manager, Microsoft

    Ashish brings over 27 years of global engineering and consulting experience to the cybersecurity landscape. Currently at Microsoft Security, he builds software to safeguard the digital economy. An accomplished author and collaborator with governments and universities, he specializes in digital transformation risks and India's DPDP Act.

  • Anshu Singal

    Data Protection Officer

    Anshu Singal brings over 22 years of expertise in building robust IT GRC and compliance functions for startups and agile organizations. A strategic leader specializing in global privacy frameworks, she notably represented Yatra in high-level government discussions shaping India's e-commerce and data protection policies.

  • Anindya Majumdar

    Eureka Forbes

    Anindya Majumdar, General Counsel & DPO at Eureka Forbes, is an accomplished legal expert with an LL.M. in Corporate Law. Leveraging senior experience from Honeywell and Reliance, he specializes in data privacy compliance, litigation, and blending legal strategy with business acumen to drive organizational resilience.

  • Akarsh Singh A

    CEO, Tsaaro Consulting

    Akarsh Singh A., CEO and Co-founder of Tsaaro Consulting, leverages over seven years of privacy and cybersecurity expertise. An IAPP Bangalore Co-Chair and former KPMG professional, he guides global enterprises through GDPR and DPDPA compliance using practical, outcomes-led governance frameworks and his PrivacyCast podcast.

Key Topics Covered

Key Topics Covered

Key Topics Covered

Structured to align with the lifecycle of personal data, this book connects legal mandates with engineering and business realities.

Structured to align with the lifecycle of personal data, this book connects legal mandates with engineering and business realities.

Structured to align with the lifecycle of personal data, this book connects legal mandates with engineering and business realities.

Engineering Compliance

Engineering Compliance

Actionable guidance for IT and Security teams on embedding privacy directly into system architecture.

Actionable guidance for IT and Security teams on embedding privacy directly into system architecture.

Actionable guidance for IT and Security teams on embedding privacy directly into system architecture.

Global Integration

Global Integration

Best practices for adapting existing GDPR frameworks to meet India’s specific DPDP requirements.

Best practices for adapting existing GDPR frameworks to meet India’s specific DPDP requirements.

Best practices for adapting existing GDPR frameworks to meet India’s specific DPDP requirements.

Crisis Management

Crisis Management

Ready-to-use templates for breach response and preparation for Data Protection Board inquiries.

Ready-to-use templates for breach response and preparation for Data Protection Board inquiries.

Ready-to-use templates for breach response and preparation for Data Protection Board inquiries.

Operational Workflows

Operational Workflows

Strategies for handling the 3-year inactivity rule, Consent Manager APIs, and user rights redressal.

Strategies for handling the 3-year inactivity rule, Consent Manager APIs, and user rights redressal.

Strategies for handling the 3-year inactivity rule, Consent Manager APIs, and user rights redressal.

High-Risk Processing

High-Risk Processing

Clear steps for managing Significant Data Fiduciary (SDF) obligations and Verifiable Parental Consent.

Clear steps for managing Significant Data Fiduciary (SDF) obligations and Verifiable Parental Consent.

Clear steps for managing Significant Data Fiduciary (SDF) obligations and Verifiable Parental Consent.

Subscribe to Our Newsletter

Join over 4,000+ startups already growing with CoreAI.

Subscribe to Our Newsletter

Join over 400+ startups already growing with CoreAI.

Subscribe to Our Newsletter

Join over 4,000+ startups already growing with CoreAI.

Subscribe to Our Newsletter

Join over 400+ startups already growing with CoreAI.