01 Read
What happened
The Digital Personal Data Protection Act 2023 received presidential assent on August 11, 2023, replacing the Information Technology Act's data protection provisions. It establishes a comprehensive framework for processing personal data with user consent, creates the Data Protection Board as the regulatory authority, and introduces significant penalties of up to ₹250 crores for violations. The Act applies to digital personal data processing within India and to offshore processing related to goods/services offered to Indians. It balances individual privacy rights with legitimate business interests and government functions.
02 Understand
Why it matters
The DPDPA 2023 represents India's first comprehensive data protection legislation, addressing the Supreme Court's Puttaswamy judgment recognizing privacy as a fundamental right. The Act introduces consent-based data processing, requiring clear, specific user approval before collection. It establishes a 'data fiduciary' (processor) and 'data principal' (individual) relationship with defined obligations and rights. Key provisions include data minimization (collect only necessary data), purpose limitation (use only for the stated purpose), and data localization for sensitive categories. The Data Protection Board can impose penalties ranging from ₹10,000 to ₹250 crores based on violation severity. Exemptions exist for government processing for national security, law enforcement, and judicial functions. The Act significantly impacts digital businesses, requiring privacy-by-design approaches, mandatory breach notifications, and the appointment of Data Protection Officers for significant data fiduciaries. International data transfers are permitted to notified countries ensuring adequate protection levels.