The DPDP rules are getting closer to becoming a reality soon!

The much-awaited implementation of the Digital Personal Data Protection (DPDP) Act is getting closer to become a reality as inter-ministerial consultations on the draft rules concluded on Tuesday with the home ministry's approval. The ministry of electronics and information technology (MeitY) is now set to release the draft rules for public consultation, setting the stage for their eventual notification and phased implementation.

The clearance marks a significant milestone, as the DPDP Act, passed over 16 months ago, has remained inoperative pending finalization of its rules. The delay has left key provisions - ensuring data privacy, enforcing data minimization and purpose limitations, and imposing penalties for violations - unrealized.

The final rules will address critical aspects of the Act, which includes user consent mechanisms, data handling procedures, and compliance timelines. The transition period for companies to adapt to the new regulatory framework is expected to range from 18 to 24 months. This is more or less in line with global practices, which allow 12 to 30 months for similar overhauls.

Some ministries had earlier cited challenges in setting up mechanisms for seeking user consent and requested additional time to transition to the new system.

Once implemented, the Act will empower consumers with greater control over their data. Companies handling user data will be required to disclose the information they possess, enabling uses to request its deletion or specify usage preferences.