Indian startups must comply with DPDP Act no exemptions
Indian startups are hustling to get ready for the Digital Personal Data Protection (DPDP) Act, which takes effect on May 13, 2027.
The law covers how personal digital data is handled, and there's been a lot of confusion: many founders thought smaller businesses might be exempt.
Turns out, every business has to comply, no matter their size or revenue.
Startups struggle mapping personal data flows
Startups are struggling with tracking all the personal data they collect across different platforms.
Mapping where data goes and how it's used, especially by third parties, is proving tough.
AI-focused companies have it even harder since the DPDP Act bans using personal information without clear consent.
To keep up, many startups are updating privacy policies and third-party agreements.
Experts say getting compliant will take real effort and resources, so everyone needs to be ready before the May 2027 deadline rolls around.