
DPDP Act Consent Management Guide

workro desk team · 6 min read · 10 January 2026

Why Consent Management Matters

The DPDP Act 2023 requires explicit, informed consent before personal data is collected. Non-compliance can result in penalties of up to ₹250 crore.

Consent Requirements

  • Free: Consent cannot be a condition for service
  • Specific: Purpose must be clearly stated
  • Informed: Users are told what data is collected, why, for how long, and who processes it
  • Withdrawable: Users can withdraw consent at any time
  • Recorded: The system must record what, when, and which version

Implementation

  • Define consent purposes for each data type collected
  • Create clear consent notices in plain language
  • Implement a consent capture mechanism (checkboxes, forms)
  • Store consent records with version stamps
  • Provide an easy withdrawal mechanism
  • Respect withdrawal within 30 days
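
The record-keeping and withdrawal steps above, as an added example that is not from the original article: an append-only consent ledger in Python with a deny-by-default processing check. The class, field and purpose names are hypothetical, and two behaviours are assumptions of the example: the version stamp is the version of the consent notice shown to the user, and the 30 days bound downstream clean-up while new processing stops as soon as the withdrawal is recorded.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

WITHDRAWAL_WINDOW = timedelta(days=30)  # "within 30 days", from the list above

@dataclass(frozen=True)
class ConsentEvent:
    user_id: str
    purpose: str            # one record per purpose ("Specific")
    data_types: frozenset   # what data the notice covered
    notice_version: str     # assumption: version of the notice the user saw
    action: str             # "granted" or "withdrawn"
    at: datetime            # when (timezone-aware UTC)

class ConsentLedger:
    def __init__(self):
        self._events = []   # append-only; current state is derived, never edited

    def record(self, event):
        if event.action not in ("granted", "withdrawn"):
            raise ValueError("unknown action: " + event.action)
        self._events.append(event)

    def latest(self, user_id, purpose):
        return next((e for e in reversed(self._events)
                     if (e.user_id, e.purpose) == (user_id, purpose)), None)

    def may_process(self, user_id, purpose, data_type, current_notice):
        # Deny by default: no record, withdrawal, uncovered data or stale notice.
        e = self.latest(user_id, purpose)
        return (e is not None and e.action == "granted"
                and data_type in e.data_types
                and e.notice_version == current_notice)

    def withdrawal_due(self, user_id, purpose):
        # Assumption: deadline for clean-up; may_process() already denies.
        e = self.latest(user_id, purpose)
        if e is None or e.action != "withdrawn":
            return None
        return e.at + WITHDRAWAL_WINDOW

def demo():  # constructed sample data
    t0 = datetime(2026, 1, 10, 9, 0, tzinfo=timezone.utc)
    ledger = ConsentLedger()
    ledger.record(ConsentEvent("u1", "marketing", frozenset({"email"}), "v2", "granted", t0))
    before = ledger.may_process("u1", "marketing", "email", "v2")
    ledger.record(ConsentEvent("u1", "marketing", frozenset({"email"}), "v2", "withdrawn", t0 + timedelta(days=5)))
    after = ledger.may_process("u1", "marketing", "email", "v2")
    return before, after, ledger.withdrawal_due("u1", "marketing")
```

Because the grant event is never overwritten, the ledger still shows what was consented to, when, and under which version after a withdrawal.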