The newly released Digital Personal Data Protection (DPDP) Rules, 2025 set out the framework for Consent Managers, who will act as regulated intermediaries between individuals and entities processing their personal data.
Notably, Rule 4, which establishes the registration and oversight framework for Consent Managers, will come into force on November 13, 2026. Until then, the wider regime will take effect in phases.
Under the consent manager-related rules, only companies incorporated in India are eligible to apply for registration, and they must demonstrate adequate technical, operational, and financial capacity.
Once operational, these platforms will enable people to centrally grant, review, manage, or withdraw consent for the use of their personal data across different data fiduciaries, including banks, insurers, and online platforms. Consequently, individuals will be able to control how their information is accessed without having to approach each organisation separately.
Furthermore, Rule 4 also specifies the Data Protection Board’s powers. The Board may verify an applicant’s compliance before granting registration, require additional information, and publish details of approved Consent Managers. Moreover, the Board may direct a Consent Manager to rectify non-adherence after providing an opportunity to be heard, or even suspend/cancel its registration to protect users’ interests.
Additionally, the rules further note that Consent Managers must avoid conflicts of interest, and maintain secure, unreadable data-transfer mechanisms while keeping records of consent activity.
Conditions For Registration As Consent Managers
The DPDP Rules (2025) introduce an exacting set of conditions for any organisation that wants to function as a Consent Manager. To begin with, the applicant must incorporate as a company in India and demonstrate sufficient technical, operational, and financial capacity to perform a Consent Manager’s functions.
Additionally, the rules go a step further: the company’s financial condition and the general character of its management must be sound, ensuring that only organisations with credible leadership can enter the ecosystem. Also, the applicant must have a minimum net worth of Rs 2 crore: a threshold designed to filter out under-capitalised entities.
Elsewhere, the rules require companies to demonstrate the volume of business they expect to handle, and their capital structure as well as earning prospects are adequate for sustained operations. Their directors, key managerial personnel, and senior management must also have a reputation for fairness and integrity, underscoring the trust-based nature of the role.
The governance structure must further embed safeguards. The company’s memorandum and articles of association (AoA) must explicitly commit to two obligations:
- preventing conflicts of interest with Data Fiduciaries, and
- putting internal measures in place to ensure that…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
