DPDP Act
Also known as: Digital Personal Data Protection Act · DPDP Act 2023 · India DPDP
The Digital Personal Data Protection Act, 2023 (DPDP) is India's national data-protection law. It introduces consent-based processing of personal data, the role of Data Fiduciary, breach notification to the Data Protection Board, and cross-border transfer restrictions to a notified list of countries. TantraDev builds DPDP-aligned consent capture and audit logging into Indian-data products by default — the law's compliance window is narrowing.
Concepts that travel with this one.
Architecture rarely lives in isolation — these are the terms that come up in the same conversation.
GDPR
The General Data Protection Regulation (GDPR) is the European Union's data-protection law. The architectural levers it imposes are consent capture, data minimisation, the right to erasure, breach notification within 72 hours, and Data Protection Impact Assessments for high-risk processing. For TantraDev's clients serving EU users, GDPR shapes data residency, processor-controller contracts (DPAs), and the audit-logging granularity around personal data.
RBI Tech Guidelines
The Reserve Bank of India publishes binding technology requirements for regulated entities — Master Directions on IT governance, the Digital Lending Guidelines (2022), the Payment Aggregator/Gateway licensing framework, and the IT Outsourcing Direction. The combined regime dictates data localisation, vendor-risk posture, incident reporting timelines, and audit trails for any FinTech operating under an Indian payment or lending licence.
Building a system where DPDP Act is the load-bearing decision?
30 minutes on the phone, one page in your inbox — what to build, what to skip, what it will cost. You keep the audit even if we are not the right fit.