India, Dec. 29 -- With the notification of the Digital Personal Data Protection (DPDP) Rules 2025, India has switched on the full engine of its privacy framework, completing a reform nearly seven years in the making. This moment moves the country from policy intent to operational accountability. Privacy is no longer an abstract ideal but a performance expectation embedded into how organisations collect, use, and govern data.

The rules establish a citizen-first approach anchored in simplicity and enforceability. Rights to access, correction, erasure, and nomination are now codified, and consent must be clear, standalone, and purpose-specific. These measures reset the relationship between citizens and data fiduciaries, placing transparency...