Controllo.ai is an AI-powered Compliance Automation Platform designed to streamline compliance, automate risk management, and centralise audit readiness. Controllo was founded in 2022 as a product by Accedere, which brings together years of GRC knowledge and tech expertise.
The DPDP Act is India’s first comprehensive data privacy framework of the Parliament of India to provide for the processing of digital personal data in a manner that recognises both the right. Controllo.ai and accedere.io provide the DPDP framework to their clients; they have more than 20 years of experience in providing these services.
DPDP Act Rules Everyone Should Know
Controllo.ai presents a new informative article on the DPDP Act framework; DPDP stands for Digital Personal Data Protection. Nowadays, due to the competition in the AI industry, every organisation must be aware of the DPDP Act rules and regulations. We start with an introduction to the framework of the DPDP Act, known as the India Digital Personal Data Protection Act. The main feature of the DPDPA is protecting individuals as well as personal data that is maintained or transmitted on the web. Companies must also tell you in transparent terms about the data they collect and how consent can be withdrawn.
The Act compels companies to implement strong cybersecurity measures like encryption and access controls to secure your information. If your information is divulged, they must notify you and an appointed Indian government board within 72 hours. Larger companies that handle sensitive information must conduct periodic risk assessments and impact assessments. The Indian government also aims to have these rules in place over time, and therefore any company that is trading in digital data must be ready for it, which means keeping your data secure, private, and under your control.
Top 3 Key Principles of the DPDP Act
Before you start working with the DPDP Act framework, you need to know the three basic principles of the Digital Personal Data Protection Act. Controllo.ai is a compliance automation platform that specialises in the DPDP Act framework, and our sister company, accedere.io, has more than 20 years of experience in cyber security. We explain the three basic principles of the DPDP Act below, with some essential points.
We begin with the fundamentals: when you start working with the DPDP Act framework, you have to properly understand the organisation’s requirements. The first principle is consent: under the DPDP Act, your personal data can only be collected and used after you give clear permission. The second principle is Data Minimisation: companies should collect only the data they really need, not more. The third principle is Strong Security Practices: the DPDP Act expects organisations to use strong cybersecurity steps like encryption to keep their data safe. These are the three basic principles of the DPDP Act.
The biggest changes the DPDP Act brings in 2025
Controllo.ai now turns to the changes to the DPDP Act in 2025. Enhanced protections for children’s data and mandatory breach reporting with DPOs are the two key updates introduced in the Draft DPDP Rules, 2025 (which operationalise the 2023 Act). On children’s data collection, the new 2025 DPDP rules are strict: the data of children under the age of 18 cannot be used for tracking, profiling, or behavioural ads, and must be deleted once the purpose is fulfilled.
| Feature | What the 2025 Draft Adds |
| --- | --- |
| Children’s Data Consent | Verifiable parental consent is required for processing data of minors, with identity checks |
| Breach Reporting | Mandatory 72-hour notification to the Board and individuals in case of breach |
| Data Protection Officer (DPO) | Appointment of an India-based DPO for significant fiduciaries, with audits and DPIAs |
The second update, as per the review we conducted of the DPDP Act framework, covers mandatory breach reporting and DPOs: organisations have to report a breach within 72 hours to both the Data Protection Board and affected individuals. The first batch of Significant Data Fiduciaries now needs to appoint an India-based Data Protection Officer (DPO), conduct Data Protection Impact Assessments, and carry out annual audits. Controllo.ai supports your team through integrated DFDs, PIA/DPIA capability, automated control mapping, and centralised evidence management, allowing for easy and effective implementation of the 2025 DPDP Act requirements.
