Complete Guide to DPDPA 2023 for Indian Websites
India's Digital Personal Data Protection Act 2023 (DPDPA) is a landmark privacy law that affects every website processing personal data of Indian residents.
What is DPDPA 2023?
The Digital Personal Data Protection Act 2023 is India's comprehensive data protection legislation. It establishes rules for how organizations (called "Data Fiduciaries") must collect, process, and protect personal data of Indian citizens.
Key Requirements for Websites
**1. Consent must be free, specific, informed, unconditional, and unambiguous**
This means your cookie consent banner cannot use dark patterns. Pre-ticked boxes are prohibited. Users must actively opt in.
**2. Purpose must be clearly specified**
You must tell users exactly why you're collecting their data before you collect it. Vague descriptions like "improving your experience" are not sufficient.
**3. Consent withdrawal must be as easy as giving consent**
If a user consented to marketing cookies, they must be able to withdraw that consent just as easily.
**4. Vernacular language support**
The Act requires that consent notices be available in languages specified in the Eighth Schedule of the Indian Constitution.
How CookieSeal Helps
CookieSeal was built with DPDPA 2023 compliance as a first-class requirement:
- ✅ Granular consent per cookie category - ✅ Easy withdrawal mechanism - ✅ Purpose specification for each cookie - ✅ Consent records with timestamps - ✅ Multi-language banner support
Get started with CookieSeal's free plan and be DPDPA compliant in minutes.