{"id":14451,"date":"2025-08-24T10:35:20","date_gmt":"2025-08-24T05:05:20","guid":{"rendered":"https:\/\/blogs.enkash.com\/?p=14451"},"modified":"2025-12-15T14:20:14","modified_gmt":"2025-12-15T08:50:14","slug":"what-is-the-dpdp-act","status":"publish","type":"post","link":"https:\/\/www.enkash.com\/resources\/blog\/what-is-the-dpdp-act","title":{"rendered":"What Is the DPDP Act and How It Impacts Indian Fintech Companies"},"content":{"rendered":"<h2><span class=\"ez-toc-section\" id=\"What-is-the-DPDP-Act\"><\/span>What is the DPDP Act?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The DPDP Act, or Digital Personal Data Protection Act, is India\u2019s primary law that governs how personal data should be collected, stored, processed, and protected in digital form. It was passed in August 2023 to give Indian citizens clear rights over their personal information and to set defined responsibilities for businesses, including fintech companies, digital lenders, payment apps, and financial institutions.<\/p>\n<p>Before the DPDP Act, India did not have a dedicated, modern data protection law that applied to digital personal data. Companies collected and used user information with limited accountability. The DPDP Act fills this gap by establishing a national framework that ensures transparency, consent-based data usage, stronger security controls, and significant penalties for misuse or data breaches.<\/p>\n<p>In simple terms, the DPDP Act tells companies what they can and cannot do with a person\u2019s digital data. It helps customers understand their rights and creates a compliance framework businesses must follow to operate responsibly within India\u2019s digital ecosystem.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"How-the-DPDP-Bill-2023-Became-the-DPDP-Act\"><\/span>How the DPDP Bill 2023 Became the DPDP Act<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The DPDP Bill 2023 was the final draft of India\u2019s data protection framework before it was passed in Parliament. It was built on earlier drafts released in 2018, 2019, and 2021 and was designed to create a simpler and more practical privacy law for India\u2019s digital environment. Once the Bill was approved by both Houses of Parliament in August 2023, it became the Digital Personal Data Protection Act 2023.<\/p>\n<p>While the Act was passed in 2023, the detailed compliance rules were later finalised through the Digital Personal Data Protection Rules, 2025, notified by the Ministry of Electronics and IT (MeitY) in the Official Gazette in November 2025. These Rules include requirements for notices and consent, breach reporting, cross-border data transfers, data retention timelines, and obligations for significant data fiduciaries.<\/p>\n<p>Because of these updates, the DPDP Bill 2023 is considered the legal foundation, and the DPDP Act 2023, together with the DPDP Rules 2025, now determine how businesses must comply. This two-step approach allows India to create a strong privacy law while giving companies time to adapt.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Key-Features-of-the-DPDP-Act\"><\/span>Key Features of the DPDP Act<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The DPDP Act translates its objectives into specific obligations and rights. Some of the most important features are listed below.<\/p>\n<h3>1. Consent Is the Core Requirement<\/h3>\n<p>Organisations must take clear and specific consent before collecting personal data. The consent request should be easy to understand and must explain the purpose of data collection. People should also be able to withdraw consent at any time without difficulty.<\/p>\n<h3>2. Purpose-Limited Data Use<\/h3>\n<p>Businesses can only use personal data for the purpose they shared at the time of collection. If the purpose changes, they need new consent. This ensures that companies do not use or repurpose customer information in unexpected ways.<\/p>\n<h3>3. Data Minimisation<\/h3>\n<p>Only the data necessary for providing a service should be collected. Fintech companies, for example, must collect only what is required for onboarding, KYC, risk checks, or transaction processing.<\/p>\n<h3>4. User Rights Over Personal Data<\/h3>\n<p>The DPDP Act gives individuals several rights, including the right to:<\/p>\n<ul>\n<li>Access their personal data<\/li>\n<li>Request corrections<\/li>\n<li>Request deletion when data is no longer needed<\/li>\n<li>File complaints if their data is misused<\/li>\n<\/ul>\n<p>These rights empower users to control how their information is handled.<\/p>\n<h3>5. Obligations for Data Fiduciaries<\/h3>\n<p>A data fiduciary is any organisation that decides how personal data will be used. They must:<\/p>\n<ul>\n<li>Maintain transparent privacy notices<\/li>\n<li>Implement strong security safeguards<\/li>\n<li>Ensure accurate and updated records<\/li>\n<li>Delete data once it is no longer needed<\/li>\n<li>Review vendor practices to ensure compliant handling of shared data<\/li>\n<\/ul>\n<p>Fintech companies fall under data fiduciaries due to the sensitive information they process.<\/p>\n<h3>6. Stricter Rules for Significant Data Fiduciaries<\/h3>\n<p>Some businesses may be classified as Significant Data Fiduciaries based on factors like data volume, sensitivity, or risk. They will have additional responsibilities such as:<\/p>\n<ul>\n<li>Appointing a Data Protection Officer<\/li>\n<li>Conducting regular data audits<\/li>\n<li>Carrying out risk assessments<\/li>\n<\/ul>\n<p>Fintechs and large digital platforms often fall into this category.<\/p>\n<h3>7. Data Protection Board of India<\/h3>\n<p>The Act establishes the Data Protection Board of India, an authority that investigates complaints, adjudicates violations, and imposes penalties as the main enforcement body under the DPDP Act.<\/p>\n<h3>8. High Penalties for Violations<\/h3>\n<p>Serious violations can attract penalties of up to 250 crore per category of violation. Repeated or severe non-compliance can result in higher cumulative penalties. This makes data protection a critical focus for all digital businesses.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"DPDP-Rules-2025\"><\/span>DPDP Rules 2025<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The DPDP Rules 2025 complete the operational structure of the Digital Personal Data Protection Act 2023. These rules define how organisations in India must collect, store, process, transfer, and retain personal data. They formalise compliance expectations for all data fiduciaries and introduce clear timelines, sector-specific exemptions, and defined security standards. Together, the Act and the Rules mark a major shift in India\u2019s digital regulatory ecosystem.<\/p>\n<h3>1. Phase-Wise Enforcement<\/h3>\n<p>The DPDP framework will be implemented in stages to give organisations sufficient time to adapt their processes and technology systems.<\/p>\n<p><strong>Phase I: Immediate Enforcement<\/strong><br \/>\nRules 1, 2, and 17 to 21 come into effect right away.<br \/>\nThese rules cover the scope of the law, core definitions, and foundational procedural requirements.<\/p>\n<p><strong>Phase II: Effective After One Year<\/strong><br \/>\nRule 4, which defines notice and consent obligations, becomes enforceable after one year.<br \/>\nThis gives companies enough time to redesign consent flows, update privacy notices, and create user-friendly consent withdrawal mechanisms.<\/p>\n<p><strong>Phase III: Effective After Eighteen Months<\/strong><br \/>\nRules 3, 5 to 16, 22, and 23 become effective in eighteen months.<br \/>\nThese rules form the core of the compliance framework and include requirements related to lawful processing, user rights, retention, cross-border transfers, grievance redressal, and the responsibilities of Significant Data Fiduciaries.<\/p>\n<p>The extended timeline allows organisations to complete technical upgrades and strengthen data governance.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Narrow-Exemptions-for-Specific-Institutions\"><\/span>Narrow Exemptions for Specific Institutions<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The Fourth Schedule introduces limited exemptions for certain data fiduciaries when processing children\u2019s data. These exemptions apply only for essential purposes and do not allow unrestricted use.<\/p>\n<h3><strong>1. Healthcare Institutions<\/strong><\/h3>\n<p>Clinical establishments and healthcare professionals may process children\u2019s data only for essential health services or treatment support.<\/p>\n<h3><strong>2. Educational Institutions and Childcare Organisations<\/strong><\/h3>\n<p>Schools and childcare bodies may process personal data strictly for academic activities, administrative needs, or the safety and welfare of enrolled children. Any activity outside these essential purposes remains fully regulated.<\/p>\n<h3>3. Cross-Border Data Transfers<\/h3>\n<p>Personal data may be transferred outside India, subject to any restrictions or conditions that the Central Government may notify for specific countries or territories. Organisations must review whether their cloud providers, SaaS tools, analytics platforms, or cross-border partners are affected by these government notifications. Companies relying on international infrastructure must reassess their data storage and processing arrangements to ensure compliance.<\/p>\n<h3>4. Three-Year Retention Cap for Large Digital Platforms<\/h3>\n<p>Certain large platforms have a three-year retention limit from the user\u2019s last interaction (or Rules commencement, whichever is later). This includes: e-commerce entities with not less than 2 crore registered users, social media intermediaries with not less than 2 crore registered users, and online gaming intermediaries with not less than 50 lakh registered users.<\/p>\n<p>Even after older data is deleted, users must continue to have access to their accounts, stored value, and virtual tokens. This prevents long-term data storage while maintaining service continuity.<\/p>\n<h3>5. Additional Responsibilities for Significant Data Fiduciaries<\/h3>\n<p>Significant Data Fiduciaries, identified based on data volume, risk, or sensitivity, have stronger compliance obligations. They must complete an annual Data Protection Impact Assessment and an annual independent audit. These reviews ensure deeper oversight of entities that process high-risk or large-scale data.<\/p>\n<h3>6. Mandatory Security Controls<\/h3>\n<p>The Rules require all organisations to implement essential technical and organisational safeguards. These include encryption or pseudonymisation of data, strict role-based access controls, continuous monitoring and logging of system activity, prompt detection of unauthorised access, and reliable backup mechanisms. These safeguards establish a baseline for secure data handling.<\/p>\n<h3>7. Defined Responsibilities for Consent Managers<\/h3>\n<p>Consent Managers must operate transparently and with accountability. They are required to maintain a primary app or website for users to manage consent, avoid subcontracting their core functions, operate as a data fiduciary themselves, implement strong security controls, and ensure that their leadership structure avoids conflicts of interest. This framework ensures reliable consent management across platforms.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Difference-Between-the-DPDP-Act-and-GDPR\"><\/span><b>Difference Between the DPDP Act and GDPR<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">The DPDP Act and the GDPR both aim to protect personal data, but they differ in scope, operational requirements, compliance burden, and enforcement approaches. The table below highlights the key differences.<\/span><\/p>\n<table class=\"mtr-table mtr-tr-td\">\n<tbody>\n<tr>\n<td data-mtr-content=\"Parameter\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><b>Parameter<\/b><\/div><\/td>\n<td data-mtr-content=\"DPDP Act (India)\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><b>DPDP Act (India)<\/b><\/div><\/td>\n<td data-mtr-content=\"GDPR (European Union)\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><b>GDPR (European Union)<\/b><\/div><\/td>\n<\/tr>\n<tr>\n<td data-mtr-content=\"Parameter\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Purpose<\/span><\/div><\/td>\n<td data-mtr-content=\"DPDP Act (India)\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Protects digital personal data while supporting India\u2019s digital growth<\/span><\/div><\/td>\n<td data-mtr-content=\"GDPR (European Union)\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Comprehensive data protection covering digital and non-digital data<\/span><\/div><\/td>\n<\/tr>\n<tr>\n<td data-mtr-content=\"Parameter\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Scope of Data<\/span><\/div><\/td>\n<td data-mtr-content=\"DPDP Act (India)\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Applies only to digital personal data<\/span><\/div><\/td>\n<td data-mtr-content=\"GDPR (European Union)\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Applies to both digital and manually processed personal data<\/span><\/div><\/td>\n<\/tr>\n<tr>\n<td data-mtr-content=\"Parameter\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Consent Requirement<\/span><\/div><\/td>\n<td data-mtr-content=\"DPDP Act (India)\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Consent must be clear, specific, and easy to withdraw<\/span><\/div><\/td>\n<td data-mtr-content=\"GDPR (European Union)\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Consent must be explicit, informed, and documented for most processing<\/span><\/div><\/td>\n<\/tr>\n<tr>\n<td data-mtr-content=\"Parameter\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Legal Grounds for Processing<\/span><\/div><\/td>\n<td data-mtr-content=\"DPDP Act (India)\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Primarily, consent and legitimate uses are defined in the Act<\/span><\/div><\/td>\n<td data-mtr-content=\"GDPR (European Union)\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Multiple legal bases, including consent, contract, vital interests, legitimate interests, and public task<\/span><\/div><\/td>\n<\/tr>\n<tr>\n<td data-mtr-content=\"Parameter\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Data Fiduciary vs Data Controller<\/span><\/div><\/td>\n<td data-mtr-content=\"DPDP Act (India)\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Uses the terms \u201cData Fiduciary\u201d and \u201cData Processor.\u201d<\/span><\/div><\/td>\n<td data-mtr-content=\"GDPR (European Union)\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Uses \u201cData Controller\u201d and \u201cProcessor\u201d<\/span><\/div><\/td>\n<\/tr>\n<tr>\n<td data-mtr-content=\"Parameter\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Children\u2019s Data<\/span><\/div><\/td>\n<td data-mtr-content=\"DPDP Act (India)\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Strict restrictions with age set at 18 for consent<\/span><\/div><\/td>\n<td data-mtr-content=\"GDPR (European Union)\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Age varies between 13 and 16 across EU countries<\/span><\/div><\/td>\n<\/tr>\n<tr>\n<td data-mtr-content=\"Parameter\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Cross-Border Data Transfers<\/span><\/div><\/td>\n<td data-mtr-content=\"DPDP Act (India)\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Allowed only to countries approved by the Central Government (whitelist model)<\/span><\/div><\/td>\n<td data-mtr-content=\"GDPR (European Union)\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Transfers allowed with adequacy decisions, SCCs, or appropriate safeguards<\/span><\/div><\/td>\n<\/tr>\n<tr>\n<td data-mtr-content=\"Parameter\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">User Rights<\/span><\/div><\/td>\n<td data-mtr-content=\"DPDP Act (India)\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Access, correction, deletion, grievance redressal<\/span><\/div><\/td>\n<td data-mtr-content=\"GDPR (European Union)\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Access, rectification, erasure, restriction, portability, objection<\/span><\/div><\/td>\n<\/tr>\n<tr>\n<td data-mtr-content=\"Parameter\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Data Retention<\/span><\/div><\/td>\n<td data-mtr-content=\"DPDP Act (India)\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Must be deleted when the purpose is fulfilled; specific retention timelines for certain platforms<\/span><\/div><\/td>\n<td data-mtr-content=\"GDPR (European Union)\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Must not be retained longer than necessary; retention is assessed case by case<\/span><\/div><\/td>\n<\/tr>\n<tr>\n<td data-mtr-content=\"Parameter\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Penalties<\/span><\/div><\/td>\n<td data-mtr-content=\"DPDP Act (India)\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Up to INR 250 crore per violation category<\/span><\/div><\/td>\n<td data-mtr-content=\"GDPR (European Union)\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Up to 4 percent of global annual turnover or EUR 20 million<\/span><\/div><\/td>\n<\/tr>\n<tr>\n<td data-mtr-content=\"Parameter\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Enforcement Authority<\/span><\/div><\/td>\n<td data-mtr-content=\"DPDP Act (India)\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Data Protection Board of India<\/span><\/div><\/td>\n<td data-mtr-content=\"GDPR (European Union)\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Data Protection Authorities in each EU member state<\/span><\/div><\/td>\n<\/tr>\n<tr>\n<td data-mtr-content=\"Parameter\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Compliance Burden<\/span><\/div><\/td>\n<td data-mtr-content=\"DPDP Act (India)\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Designed to be simpler for Indian businesses and startups<\/span><\/div><\/td>\n<td data-mtr-content=\"GDPR (European Union)\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">More detailed and complex requirements for full compliance<\/span><\/div><\/td>\n<\/tr>\n<tr>\n<td data-mtr-content=\"Parameter\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Significant Entities<\/span><\/div><\/td>\n<td data-mtr-content=\"DPDP Act (India)\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Significant Data Fiduciaries face additional obligations<\/span><\/div><\/td>\n<td data-mtr-content=\"GDPR (European Union)\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Controllers processing high-risk data must conduct DPIAs<\/span><\/div><\/td>\n<\/tr>\n<tr>\n<td data-mtr-content=\"Parameter\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Non-Compliance Impact<\/span><\/div><\/td>\n<td data-mtr-content=\"DPDP Act (India)\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">High monetary penalties and service restrictions<\/span><\/div><\/td>\n<td data-mtr-content=\"GDPR (European Union)\" class=\"mtr-td-tag\"><div class=\"mtr-cell-content\"><span style=\"font-weight: 400;\">Heavy fines, transfer bans, and operational compliance checks<\/span><\/div><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2><span class=\"ez-toc-section\" id=\"Who-Must-Follow-the-DPDP-Act\"><\/span>Who Must Follow the DPDP Act?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The DPDP Act applies broadly and covers any organisation that collects, stores, processes, or handles digital personal data related to individuals in India. This includes businesses of all sizes, government bodies, digital platforms, and foreign companies that offer services to Indian users. The scope is intentionally wide to ensure consistent data protection across India\u2019s digital ecosystem.<\/p>\n<h3>1. All Indian Businesses Handling Personal Data<\/h3>\n<p>Any company operating in India that collects customer information must comply. This includes:<\/p>\n<ul>\n<li>fintech companies<\/li>\n<li><a href=\"https:\/\/www.enkash.com\/resources\/blog\/what-is-nbfc-and-how-it-works\">NBFCs<\/a> and lenders<\/li>\n<li>e-commerce platforms<\/li>\n<li>SaaS and digital service providers<\/li>\n<li>telecom operators<\/li>\n<li>educational institutions<\/li>\n<li>healthcare organisations<\/li>\n<\/ul>\n<p>Whether the business is large or small, compliance is required if it processes digital personal data.<\/p>\n<h3>2. Startups and MSMEs<\/h3>\n<p>Startups and MSMEs are also covered under the Act. While they must follow the same basic principles of consent, security, deletion, and grievance handling, the compliance burden may vary based on:<\/p>\n<ul>\n<li>Volume of data collected<\/li>\n<li>Sensitivity of data<\/li>\n<li>Risk associated with processing<\/li>\n<\/ul>\n<p>This ensures that even smaller businesses handle personal data responsibly.<\/p>\n<h3>3. Government Departments and Public Sector Entities<\/h3>\n<p>Government bodies that collect digital personal data must follow the DPDP Act unless specific exemptions apply. The principles of transparency, lawful use, and secure storage apply to public sector organisations as well.<\/p>\n<h3>4. Foreign Companies Serving Indian Users<\/h3>\n<p>The Act applies to companies outside India if they:<\/p>\n<ul>\n<li>offer goods or services to individuals in India<\/li>\n<li>process personal data of Indian users<\/li>\n<\/ul>\n<p>Global fintech apps, international SaaS platforms, gaming companies, cloud providers, and social media platforms must comply when handling data of Indian residents.<\/p>\n<h3>5. Significant Data Fiduciaries<\/h3>\n<p>Certain organisations may be classified as Significant Data Fiduciaries based on:<\/p>\n<ul>\n<li>volume and sensitivity of data<\/li>\n<li>risk to individuals<\/li>\n<li>impact on national interests<\/li>\n<\/ul>\n<p>These entities have additional obligations, which are detailed under the DPDP Rules.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Impact-of-the-DPDP-Act-on-Fintech-Companies\"><\/span>Impact of the DPDP Act on Fintech Companies<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Fintech companies manage some of the most sensitive personal and financial data in India, which puts them at the center of DPDP compliance. The Act raises the expectations for how fintechs handle customer information and introduces obligations that directly influence product design, operations, partnerships, and long-term growth.<\/p>\n<h3>1. Higher Expectations for Data Governance<\/h3>\n<p>Fintechs must shift from broad, open-ended data collection to clearly defined, purpose-driven data handling. This requires structured internal policies, better documentation, and stronger oversight of how personal data flows through systems.<\/p>\n<h3>2. More Transparent User Journeys<\/h3>\n<p>Onboarding, KYC, lending journeys, and payment flows must now include simple, visible consent interactions. Clear notices and easy withdrawal options will become central to user experience and trust-building.<\/p>\n<h3>3. Stronger Security and Operational Discipline<\/h3>\n<p>Since fintechs process bank details, identity information, and transaction history, the Act demands stronger technical and operational safeguards. Robust monitoring, faster detection of unauthorised access, and well-defined internal controls become essential to avoid penalties and reputational damage.<\/p>\n<h3>4. Stricter Vendor and Partner Accountability<\/h3>\n<p>Fintech ecosystems rely heavily on third parties such as banking partners, KYC providers, cloud platforms, and analytics tools. The Act makes fintech companies responsible for how these partners handle shared data. Vendor contracts, audits, and due diligence processes must be tightened accordingly.<\/p>\n<h3>5. New Responsibilities for Large and High-Risk Fintechs<\/h3>\n<p>Fintechs that process large volumes of sensitive data may be classified as Significant Data Fiduciaries. These organisations must follow heightened compliance expectations, including annual audits, risk assessments, and stronger governance oversight.<\/p>\n<h3>6. Increased Financial and Reputational Risk<\/h3>\n<p>Penalties up to 250 crore per violation category make non-compliance a serious operational threat. A privacy incident can also weaken partnerships with banks, payment networks, and regulators, affecting product approvals and market expansion.<\/p>\n<h3>7. Stronger Market Advantage for Compliant Fintechs<\/h3>\n<p>Fintechs that adopt DPDP-aligned practices early can use privacy as a competitive differentiator. Transparent data handling improves customer trust, strengthens relationships with banks and enterprises, and supports global expansion where privacy standards matter.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Compliance-Checklist-for-Fintechs-and-Businesses\"><\/span>Compliance Checklist for Fintechs and Businesses<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Fintech companies and digital businesses must follow a structured approach to meet the requirements of the DPDP Act and DPDP Rules 2025. This checklist outlines the essential actions needed to build a compliant, secure, and transparent data-handling environment.<\/p>\n<h3>1. Map All Personal Data Flows<\/h3>\n<p>Document every point where personal data is captured, generated, stored, or shared. This includes:<\/p>\n<ul>\n<li>mobile apps<\/li>\n<li>onboarding flows<\/li>\n<li>APIs<\/li>\n<li>third-party integrations<\/li>\n<li>customer support systems<\/li>\n<li>internal databases<\/li>\n<\/ul>\n<p>A complete data inventory is the foundation for identifying compliance gaps.<\/p>\n<h3>2. Apply Data Minimisation Across All Processes<\/h3>\n<p>Ensure each data field collected has a clear, justified purpose. Remove any non-essential fields from:<\/p>\n<ul>\n<li>onboarding forms<\/li>\n<li>payment journeys<\/li>\n<li>KYC processes<\/li>\n<li>marketing workflows<\/li>\n<\/ul>\n<p>Minimising data reduces risk and simplifies compliance.<\/p>\n<h3>3. Redesign Consent and Privacy Notices<\/h3>\n<p>Create consent flows that are:<\/p>\n<ul>\n<li>simple<\/li>\n<li>purpose-specific<\/li>\n<li>easy to withdraw<\/li>\n<\/ul>\n<p>Update privacy notices to match the DPDP Rules 2025 requirements and ensure users understand why their data is collected and how it will be used.<\/p>\n<h3>4. Implement Mandatory Security Controls<\/h3>\n<p>Adopt the technical and organisational safeguards required under the Rules, including:<\/p>\n<ul>\n<li>encryption or pseudonymisation<\/li>\n<li>strict access controls<\/li>\n<li>continuous logging and monitoring<\/li>\n<li>breach detection mechanisms<\/li>\n<li>regular security reviews<\/li>\n<li>dependable backup systems<\/li>\n<\/ul>\n<p>These protections reduce the risk of unauthorised access or data exposure.<\/p>\n<h3>5. Establish Data Retention and Deletion Frameworks<\/h3>\n<p>Define clear retention timelines for each category of personal data. Ensure that:<\/p>\n<ul>\n<li>Data is deleted when no longer required<\/li>\n<li>Deletion workflows are automated where possible<\/li>\n<li>Three-year caps for large digital platforms are followed<\/li>\n<\/ul>\n<p>This prevents unnecessary accumulation of sensitive information.<\/p>\n<h3>6. Set Up a Structured Breach Response Plan<\/h3>\n<p>Create a documented plan that outlines:<\/p>\n<ul>\n<li>How incidents are detected<\/li>\n<li>Who responds internally<\/li>\n<li>How and when to notify affected users<\/li>\n<li>How to report to the Data Protection Board<\/li>\n<\/ul>\n<p>A clear process ensures timely action and reduces regulatory penalties.<\/p>\n<h3>7. Review and Strengthen Vendor Management<\/h3>\n<p>Audit all third-party partners involved in:<\/p>\n<ul>\n<li>KYC<\/li>\n<li>payments<\/li>\n<li>cloud hosting<\/li>\n<li>analytics<\/li>\n<li>customer engagement<\/li>\n<\/ul>\n<p>Update contracts to reflect DPDP obligations and ensure vendors meet required security and privacy standards. Businesses remain accountable for data processed by partners.<\/p>\n<h3>8. Build Processes for User Rights Requests<\/h3>\n<p>Set up internal systems that allow users to:<\/p>\n<ul>\n<li>access their data<\/li>\n<li>request corrections<\/li>\n<li>request deletion<\/li>\n<li>submit grievances<\/li>\n<\/ul>\n<p>Response timelines should be documented and monitored to ensure consistency.<\/p>\n<h3>9. Assess Whether You Qualify as a Significant Data Fiduciary<\/h3>\n<p>Determine if your organisation meets the criteria for SDF classification based on:<\/p>\n<ul>\n<li>volume of data processed<\/li>\n<li>sensitivity of data<\/li>\n<li>risk to individuals or national interests<\/li>\n<\/ul>\n<p><strong>If classified as an SDF, implement the required measures such as:<\/strong><\/p>\n<ul>\n<li>annual independent audits<\/li>\n<li>Data Protection Impact Assessments<\/li>\n<li>appointment of a Data Protection Officer<\/li>\n<\/ul>\n<h3>10. Train Employees on Data Protection Practices<\/h3>\n<p>Conduct regular training for teams handling personal data. Cover:<\/p>\n<ul>\n<li>secure data-handling methods<\/li>\n<li>consent and privacy requirements<\/li>\n<li>incident escalation procedures<\/li>\n<li>responsible data-sharing practices<\/li>\n<\/ul>\n<p>Human awareness is essential for preventing operational risks.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span>Conclusion<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>India\u2019s Digital Personal Data Protection Act marks a fundamental shift in how personal data must be collected, processed, and protected across the digital ecosystem. For fintech companies, payment apps, digital lenders, SaaS providers, and every business handling customer information, the DPDP Act and DPDP Rules 2025 establish a clear framework for privacy, accountability, and security.<\/p>\n<p>The law is not designed to slow innovation. Instead, it encourages responsible digital growth by giving users more control over their information and ensuring companies follow transparent and secure data practices. Businesses that adapt early will have a strong advantage\u2014greater customer trust, smoother regulatory relationships, and improved readiness for global markets where privacy is now a baseline expectation.<\/p>\n<p>The DPDP Act is more than a compliance requirement. It is a long-term opportunity for digital businesses to strengthen trust, reduce risk, and build resilient systems that support sustainable growth in India\u2019s fast-evolving fintech and digital economy.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"FAQs\"><\/span>FAQs<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><strong>1. What is the full form of DPDP?<\/strong><br \/>\nDPDP stands for Digital Personal Data Protection Act, 2023 (DPDP Act). It refers to India\u2019s primary law that governs how digital personal data should be collected, processed, stored, and protected.<\/p>\n<p><strong>2. What is the DPDP Act 2023?<\/strong><br \/>\nThe DPDP Act 2023 is India\u2019s data protection law that gives individuals rights over their personal information and sets defined obligations for businesses handling that data. It covers consent, data minimisation, user rights, security requirements, and penalties for violations.<\/p>\n<p><strong>3. What are DPDP Rules 2025?<\/strong><br \/>\nThe DPDP Rules 2025 outline the operational and procedural requirements needed to implement the Act. They include timelines for enforcement, rules for consent, retention, cross-border data transfers, breach reporting, and obligations for Significant Data Fiduciaries.<\/p>\n<p><strong>4. Who has to comply with the DPDP Act?<\/strong><br \/>\nAll businesses, government bodies, digital platforms, startups, MSMEs, and foreign companies offering services to individuals in India must comply with the DPDP Act if they process digital personal data.<\/p>\n<p><strong>5. What are Significant Data Fiduciaries?<\/strong><br \/>\nSignificant Data Fiduciaries are organisations that process large volumes of sensitive or high-risk data. They have additional obligations such as annual audits, risk assessments, and appointing a Data Protection Officer.<\/p>\n<p><strong>6. What happens if a company does not comply with the DPDP Act?<\/strong><br \/>\nNon-compliance can lead to penalties of up to 250 crore per violation category, along with reputational damage and operational restrictions.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is the DPDP Act? The DPDP Act, or Digital Personal Data Protection Act, is India\u2019s [&hellip;]<\/p>\n","protected":false},"author":30,"featured_media":14452,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[639],"tags":[],"class_list":["post-14451","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ilearn"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>What is DPDP Act? | EnKash<\/title>\n<meta name=\"description\" content=\"Understand the Digital Personal Data Protection (DPDP) Act 2023, its rules, compliance requirements, and what it means for Indian fintechs.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.enkash.com\/resources\/blog\/what-is-the-dpdp-act\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What is DPDP Act? | EnKash\" \/>\n<meta property=\"og:description\" content=\"Understand the Digital Personal Data Protection (DPDP) Act 2023, its rules, compliance requirements, and what it means for Indian fintechs.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.enkash.com\/resources\/blog\/what-is-the-dpdp-act\" \/>\n<meta property=\"og:site_name\" content=\"EnKash\" \/>\n<meta property=\"article:published_time\" content=\"2025-08-24T05:05:20+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-15T08:50:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.enkash.com\/resources\/wp-content\/uploads\/2025\/09\/What-Is-the-DPDP-Act-and-How-It-Impacts-Indian-Fintech-Companies.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Kunal Bhardwaj\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kunal Bhardwaj\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"16 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.enkash.com\/resources\/blog\/what-is-the-dpdp-act#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.enkash.com\/resources\/blog\/what-is-the-dpdp-act\"},\"author\":{\"name\":\"Kunal Bhardwaj\",\"@id\":\"https:\/\/www.enkash.com\/resources\/#\/schema\/person\/ebc36902b05b023da395de953ccd3e93\"},\"headline\":\"What Is the DPDP Act and How It Impacts Indian Fintech Companies\",\"datePublished\":\"2025-08-24T05:05:20+00:00\",\"dateModified\":\"2025-12-15T08:50:14+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.enkash.com\/resources\/blog\/what-is-the-dpdp-act\"},\"wordCount\":3115,\"publisher\":{\"@id\":\"https:\/\/www.enkash.com\/resources\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.enkash.com\/resources\/blog\/what-is-the-dpdp-act#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.enkash.com\/resources\/wp-content\/uploads\/2025\/09\/What-Is-the-DPDP-Act-and-How-It-Impacts-Indian-Fintech-Companies.webp\",\"articleSection\":[\"iLearn\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.enkash.com\/resources\/blog\/what-is-the-dpdp-act\",\"url\":\"https:\/\/www.enkash.com\/resources\/blog\/what-is-the-dpdp-act\",\"name\":\"What is DPDP Act? | EnKash\",\"isPartOf\":{\"@id\":\"https:\/\/www.enkash.com\/resources\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.enkash.com\/resources\/blog\/what-is-the-dpdp-act#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.enkash.com\/resources\/blog\/what-is-the-dpdp-act#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.enkash.com\/resources\/wp-content\/uploads\/2025\/09\/What-Is-the-DPDP-Act-and-How-It-Impacts-Indian-Fintech-Companies.webp\",\"datePublished\":\"2025-08-24T05:05:20+00:00\",\"dateModified\":\"2025-12-15T08:50:14+00:00\",\"description\":\"Understand the Digital Personal Data Protection (DPDP) Act 2023, its rules, compliance requirements, and what it means for Indian fintechs.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.enkash.com\/resources\/blog\/what-is-the-dpdp-act#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.enkash.com\/resources\/blog\/what-is-the-dpdp-act\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.enkash.com\/resources\/blog\/what-is-the-dpdp-act#primaryimage\",\"url\":\"https:\/\/www.enkash.com\/resources\/wp-content\/uploads\/2025\/09\/What-Is-the-DPDP-Act-and-How-It-Impacts-Indian-Fintech-Companies.webp\",\"contentUrl\":\"https:\/\/www.enkash.com\/resources\/wp-content\/uploads\/2025\/09\/What-Is-the-DPDP-Act-and-How-It-Impacts-Indian-Fintech-Companies.webp\",\"width\":1920,\"height\":1080,\"caption\":\"DPDP-Act\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.enkash.com\/resources\/blog\/what-is-the-dpdp-act#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.enkash.com\/resources\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"iLearn\",\"item\":\"https:\/\/www.enkash.com\/resources\/blog\/category\/ilearn\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"What Is the DPDP Act and How It Impacts Indian Fintech Companies\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.enkash.com\/resources\/#website\",\"url\":\"https:\/\/www.enkash.com\/resources\/\",\"name\":\"EnKash\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.enkash.com\/resources\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.enkash.com\/resources\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.enkash.com\/resources\/#organization\",\"name\":\"EnKash\",\"url\":\"https:\/\/www.enkash.com\/resources\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.enkash.com\/resources\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.enkash.com\/resources\/wp-content\/uploads\/2025\/08\/Enkash-New-Logo-01-2-1.svg\",\"contentUrl\":\"https:\/\/www.enkash.com\/resources\/wp-content\/uploads\/2025\/08\/Enkash-New-Logo-01-2-1.svg\",\"width\":85,\"height\":24,\"caption\":\"EnKash\"},\"image\":{\"@id\":\"https:\/\/www.enkash.com\/resources\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.enkash.com\/resources\/#\/schema\/person\/ebc36902b05b023da395de953ccd3e93\",\"name\":\"Kunal Bhardwaj\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/bbf43564c836fe8972147c037c7879c0269809884869c8ca16434d4aaedab045?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/bbf43564c836fe8972147c037c7879c0269809884869c8ca16434d4aaedab045?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/bbf43564c836fe8972147c037c7879c0269809884869c8ca16434d4aaedab045?s=96&d=mm&r=g\",\"caption\":\"Kunal Bhardwaj\"},\"description\":\"I am a fintech content writer with expertise in accounting, finance, and digital payment ecosystems. With an academic background and hands-on experience in the accounting domain, I bring strong practical insights into financial operations, compliance, and business finance. I specialize in creating high-quality, research-driven content on fintech solutions, payments, corporate finance, expense management, and financial technology trends, helping businesses and professionals make informed decisions.\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What is DPDP Act? | EnKash","description":"Understand the Digital Personal Data Protection (DPDP) Act 2023, its rules, compliance requirements, and what it means for Indian fintechs.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.enkash.com\/resources\/blog\/what-is-the-dpdp-act","og_locale":"en_US","og_type":"article","og_title":"What is DPDP Act? | EnKash","og_description":"Understand the Digital Personal Data Protection (DPDP) Act 2023, its rules, compliance requirements, and what it means for Indian fintechs.","og_url":"https:\/\/www.enkash.com\/resources\/blog\/what-is-the-dpdp-act","og_site_name":"EnKash","article_published_time":"2025-08-24T05:05:20+00:00","article_modified_time":"2025-12-15T08:50:14+00:00","og_image":[{"width":1920,"height":1080,"url":"https:\/\/www.enkash.com\/resources\/wp-content\/uploads\/2025\/09\/What-Is-the-DPDP-Act-and-How-It-Impacts-Indian-Fintech-Companies.webp","type":"image\/webp"}],"author":"Kunal Bhardwaj","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Kunal Bhardwaj","Est. reading time":"16 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.enkash.com\/resources\/blog\/what-is-the-dpdp-act#article","isPartOf":{"@id":"https:\/\/www.enkash.com\/resources\/blog\/what-is-the-dpdp-act"},"author":{"name":"Kunal Bhardwaj","@id":"https:\/\/www.enkash.com\/resources\/#\/schema\/person\/ebc36902b05b023da395de953ccd3e93"},"headline":"What Is the DPDP Act and How It Impacts Indian Fintech Companies","datePublished":"2025-08-24T05:05:20+00:00","dateModified":"2025-12-15T08:50:14+00:00","mainEntityOfPage":{"@id":"https:\/\/www.enkash.com\/resources\/blog\/what-is-the-dpdp-act"},"wordCount":3115,"publisher":{"@id":"https:\/\/www.enkash.com\/resources\/#organization"},"image":{"@id":"https:\/\/www.enkash.com\/resources\/blog\/what-is-the-dpdp-act#primaryimage"},"thumbnailUrl":"https:\/\/www.enkash.com\/resources\/wp-content\/uploads\/2025\/09\/What-Is-the-DPDP-Act-and-How-It-Impacts-Indian-Fintech-Companies.webp","articleSection":["iLearn"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.enkash.com\/resources\/blog\/what-is-the-dpdp-act","url":"https:\/\/www.enkash.com\/resources\/blog\/what-is-the-dpdp-act","name":"What is DPDP Act? | EnKash","isPartOf":{"@id":"https:\/\/www.enkash.com\/resources\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.enkash.com\/resources\/blog\/what-is-the-dpdp-act#primaryimage"},"image":{"@id":"https:\/\/www.enkash.com\/resources\/blog\/what-is-the-dpdp-act#primaryimage"},"thumbnailUrl":"https:\/\/www.enkash.com\/resources\/wp-content\/uploads\/2025\/09\/What-Is-the-DPDP-Act-and-How-It-Impacts-Indian-Fintech-Companies.webp","datePublished":"2025-08-24T05:05:20+00:00","dateModified":"2025-12-15T08:50:14+00:00","description":"Understand the Digital Personal Data Protection (DPDP) Act 2023, its rules, compliance requirements, and what it means for Indian fintechs.","breadcrumb":{"@id":"https:\/\/www.enkash.com\/resources\/blog\/what-is-the-dpdp-act#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.enkash.com\/resources\/blog\/what-is-the-dpdp-act"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.enkash.com\/resources\/blog\/what-is-the-dpdp-act#primaryimage","url":"https:\/\/www.enkash.com\/resources\/wp-content\/uploads\/2025\/09\/What-Is-the-DPDP-Act-and-How-It-Impacts-Indian-Fintech-Companies.webp","contentUrl":"https:\/\/www.enkash.com\/resources\/wp-content\/uploads\/2025\/09\/What-Is-the-DPDP-Act-and-How-It-Impacts-Indian-Fintech-Companies.webp","width":1920,"height":1080,"caption":"DPDP-Act"},{"@type":"BreadcrumbList","@id":"https:\/\/www.enkash.com\/resources\/blog\/what-is-the-dpdp-act#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.enkash.com\/resources\/"},{"@type":"ListItem","position":2,"name":"iLearn","item":"https:\/\/www.enkash.com\/resources\/blog\/category\/ilearn"},{"@type":"ListItem","position":3,"name":"What Is the DPDP Act and How It Impacts Indian Fintech Companies"}]},{"@type":"WebSite","@id":"https:\/\/www.enkash.com\/resources\/#website","url":"https:\/\/www.enkash.com\/resources\/","name":"EnKash","description":"","publisher":{"@id":"https:\/\/www.enkash.com\/resources\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.enkash.com\/resources\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.enkash.com\/resources\/#organization","name":"EnKash","url":"https:\/\/www.enkash.com\/resources\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.enkash.com\/resources\/#\/schema\/logo\/image\/","url":"https:\/\/www.enkash.com\/resources\/wp-content\/uploads\/2025\/08\/Enkash-New-Logo-01-2-1.svg","contentUrl":"https:\/\/www.enkash.com\/resources\/wp-content\/uploads\/2025\/08\/Enkash-New-Logo-01-2-1.svg","width":85,"height":24,"caption":"EnKash"},"image":{"@id":"https:\/\/www.enkash.com\/resources\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.enkash.com\/resources\/#\/schema\/person\/ebc36902b05b023da395de953ccd3e93","name":"Kunal Bhardwaj","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/bbf43564c836fe8972147c037c7879c0269809884869c8ca16434d4aaedab045?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/bbf43564c836fe8972147c037c7879c0269809884869c8ca16434d4aaedab045?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/bbf43564c836fe8972147c037c7879c0269809884869c8ca16434d4aaedab045?s=96&d=mm&r=g","caption":"Kunal Bhardwaj"},"description":"I am a fintech content writer with expertise in accounting, finance, and digital payment ecosystems. With an academic background and hands-on experience in the accounting domain, I bring strong practical insights into financial operations, compliance, and business finance. I specialize in creating high-quality, research-driven content on fintech solutions, payments, corporate finance, expense management, and financial technology trends, helping businesses and professionals make informed decisions."}]}},"_links":{"self":[{"href":"https:\/\/www.enkash.com\/resources\/wp-json\/wp\/v2\/posts\/14451","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.enkash.com\/resources\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.enkash.com\/resources\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.enkash.com\/resources\/wp-json\/wp\/v2\/users\/30"}],"replies":[{"embeddable":true,"href":"https:\/\/www.enkash.com\/resources\/wp-json\/wp\/v2\/comments?post=14451"}],"version-history":[{"count":0,"href":"https:\/\/www.enkash.com\/resources\/wp-json\/wp\/v2\/posts\/14451\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.enkash.com\/resources\/wp-json\/wp\/v2\/media\/14452"}],"wp:attachment":[{"href":"https:\/\/www.enkash.com\/resources\/wp-json\/wp\/v2\/media?parent=14451"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.enkash.com\/resources\/wp-json\/wp\/v2\/categories?post=14451"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.enkash.com\/resources\/wp-json\/wp\/v2\/tags?post=14451"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}