The Government of India officially notified the Digital Personal Data Protection (DPDP) Rules, 2025 on November 14, 2025, fully operationalising the Digital Personal Data Protection Act, 2023 — India's first comprehensive data privacy legislation. The rules were finalised by the Ministry of Electronics and Information Technology (MeitY) after extensive public consultations held in seven cities (Delhi, Mumbai, Guwahati, Kolkata, Hyderabad, Bengaluru, and Chennai), receiving 6,915 inputs. Key provisions include: citizens' rights to access, correct, update, and seek erasure of their personal data; Data Fiduciaries must respond to requests within 90 days; a fully digital Data Protection Board of India with four members will adjudicate complaints through an online portal and mobile application. The rules introduce an 18-month phased compliance window for organisations. Consent Manager provisions become effective 12 months after notification (by November 2026), while other substantive provisions take effect from May 2027. The DPDP Rules impose significant compliance obligations on data fiduciaries — especially Big Tech platforms, healthcare providers, and financial institutions — marking a transformative moment for India's digital governance landscape.