Over 6,900 Suggestions Received on Draft Digital Data Protection Rules: Govt in Parliament
New Delhi, 26th July 2025: Union Minister of State for Electronics and Information Technology, Jitin Prasada, informed the Rajya Sabha on Friday that the Government of India has received 6,915 suggestions and inputs from citizens and stakeholders on the Draft Digital Personal Data Protection (DPDP) Rules, 2025, which aim to operationalize the DPDP Act, 2023.
“The Digital Personal Data Protection Act, 2023 is a comprehensive legislation that balances the rights of individuals to protect their personal data with the need for lawful and legitimate data processing,” Prasada said.
The draft rules, released for public consultation, form a crucial step in implementing the DPDP Act and will shape how digital personal data is handled across sectors in India.
Ensuring a Safe and Trusted Cyberspace
Prasada emphasized that the Government’s policies are focused on creating a safe, trusted, and accountable cyberspace for all users. “Capacity building and public awareness are key components of our national cybersecurity strategy,” he stated.
Among the major initiatives highlighted:
CyberShakti Programme, launched in October 2024, aims to build a skilled women workforce in cybersecurity.
Under the Information Security Education and Awareness (ISEA) programme, 3,637 workshops have been held, reaching over 8.2 lakh participants including law enforcement, government personnel, students, and women.
Regular observance of Cyber Security Awareness Month and Safer Internet Day promotes safe online behaviour, secure transactions, and cyber hygiene practices.
Awareness content—including videos, posters, and guides on emerging threats like deepfakes—is made available in multiple languages on platforms such as www.staysafeonline.in, www.infosecawareness.in, and www.csk.gov.in.
Institutional Measures to Strengthen Cybersecurity
To reinforce national cyber infrastructure and data protection, Prasada listed key institutional and legal measures:
The National Critical Information Infrastructure Protection Centre (NCIIPC) has been established under Section 70A of the IT Act, 2000, to safeguard critical information infrastructure.
The Indian Computer Emergency Response Team (CERT-In), designated under Section 70B, acts as the national agency for cyber incident response and regularly issues advisories on emerging threats and mitigation strategies.
The National Cyber Coordination Centre (NCCC) facilitates threat detection and inter-agency coordination.
The Cyber Swachhta Kendra (CSK) offers tools to clean malware and botnets, along with cybersecurity tips for individuals and organisations.
The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 mandate baseline security practices for handling sensitive personal data.
Prasada reiterated that under the DPDP Act, data fiduciaries are legally required to adopt robust technical and organisational measures to prevent personal data breaches. “The law mandates accountability from data fiduciaries and enforces reasonable safeguards to protect citizens’ digital personal data,” he added.
