Aspirant Academy

MCQ

Digital Personal Data Protection (DPDP) Rules, 2025 MCQ - Practice Questions with Answers

Solve 5 Digital Personal Data Protection (DPDP) Rules, 2025 questions for RAS/RPSC preparation.

Practice questions

Q1On which date were the Digital Personal Data Protection Rules, 2025 notified by the Government of India?

A 11 August 2023
B 14 November 2025
C 17 November 2025
D 3 January 2025
Explanation

The Government of India notified the Digital Personal Data Protection Rules, 2025 on 14 November 2025. The notification gave effect to the framework of the DPDP Act, 2023; the PIB backgrounder carrying this fact was published later, on 17 November 2025.

Q2Which institution hears appeals against decisions of the Data Protection Board of India under the digital personal data protection framework?

A Supreme Court of India directly
B Competition Commission of India
C Central Information Commission
D Telecom Disputes Settlement and Appellate Tribunal
Explanation

The Telecom Disputes Settlement and Appellate Tribunal, commonly referred to as TDSAT, is the designated appellate authority. It hears appeals against decisions of the Data Protection Board of India, while the Board itself handles compliance inquiries and complaints digitally.

Q3Consider the following statements about the Digital Personal Data Protection Rules, 2025: 1. The Data Protection Board of India is designed as a fully digital body with 4 members. 2. Data Fiduciaries must address requests concerning access, correction, updating or erasure within a maximum of 90 days. Which of the statements given above is/are correct?

A 1 only
B 2 only
C Both 1 and 2
D Neither 1 nor 2
Explanation

Both statements are correct. The Data Protection Board of India is a fully digital body comprising 4 members, with online complaint filing and case tracking. Data Fiduciaries must also address requests for access, correction, updating or erasure within a maximum period of 90 days.

Q4Match List I with List II and select the correct answer using the code below. List I (Default) 1. Failure to maintain reasonable security safeguards 2. Failure to notify a personal data breach or violation of obligations relating to children 3. Any other violation by a Data Fiduciary List II (Maximum penalty) a. ₹50 crore b. ₹200 crore c. ₹250 crore

A 1-c, 2-b, 3-a
B 1-b, 2-c, 3-a
C 1-a, 2-b, 3-c
D 1-c, 2-a, 3-b
Explanation

The correct matching is 1-c, 2-b and 3-a. Failure to maintain reasonable security safeguards can attract up to ₹250 crore. Failure to notify a breach or a violation of obligations relating to children can attract up to ₹200 crore, while another violation by a Data Fiduciary can attract up to ₹50 crore.

Q5Which of the following is incorrect regarding the protection of children's personal data under the Digital Personal Data Protection Rules, 2025?

A Verifiable consent from a parent or guardian is ordinarily required.
B The stated exceptions include healthcare, education and real-time safety services.
C A child's personal data may always be processed for commercial profiling without parental consent.
D Violating obligations relating to children's data can attract a penalty of up to ₹200 crore.
Explanation

Option C is incorrect. The Rules ordinarily require verifiable consent from a parent or guardian before a child's personal data is processed; the specified exceptions concern essential services such as healthcare, education and real-time safety. They do not create an unrestricted permission for commercial profiling.

You've seen 5 of 5 sample questions

Unlimited practice on Digital Personal Data Protection (DPDP) Rules, 2025 comes with the RAS Test Series + Practice pack or Gate Pass.

More topics in Government Schemes

Explore other subjects