India, Nov. 20 -- Startups Dread The New DPDP Regime

The Indian startup ecosystem is in a flux. The recently-notified Digital Personal Data Protection (DPDP) Rules has prompted costly overhauls of their privacy systems and lined up a long list of compliance demands. So, why has the new regime put smaller digital platforms on the edge?

The Cost of Compliance: The new rules demand strict and time-bound execution - 48-hour breach reporting (even mid-investigation), year-long data logs, automated deletion systems, and public channels for grievances. Penalties reach up to INR 250 Cr, identical for companies regardless of their size.

A Lopsided Regime? The new rules make no distinction between a garage startup and a global conglomerate. Whil...