Aspirant Academy

RAS question

As per the Digital Personal Data Protection Rules implementation announced on Data Privacy Day 2026, what is the maximum penalty for violations under the framework?

Correct answer: (A) ₹250 crore.

Under the Digital Personal Data Protection framework, the maximum monetary penalty is up to ₹250 crore for a Data Fiduciary's failure to maintain reasonable security safeguards.

  1. (A)

    ₹250 crore

  2. (B)

    ₹100 crore

  3. (C)

    ₹500 crore

  4. (D)

    ₹50 crore

Explanation

The Digital Personal Data Protection Rules, 2025 give full effect to the Digital Personal Data Protection Act, 2023. Under this framework, the strongest penalty is tied to the core duty of a Data Fiduciary: maintaining reasonable security safeguards to prevent a personal data breach. The official PIB note states that this failure can attract a penalty of up to ₹250 crore. For a Data Fiduciary, ₹250 crore is therefore the maximum figure under these penalty provisions. Other penalties mentioned in the same framework are lower: up to ₹200 crore for failure to notify the Board or affected individuals of a personal data breach and for violations relating to children, and up to ₹50 crore for other violations by a Data Fiduciary.

Why the other options are wrong

  • (B) ₹100 crore is below the ₹250 crore maximum for failure to maintain reasonable security safeguards.
  • (C) ₹500 crore overstates the penalty figure; the highest penalty under the framework is ₹250 crore.
  • (D) ₹50 crore applies only to other violations by a Data Fiduciary, not to the highest-penalty category for failure to maintain reasonable security safeguards.

Concept

Digital governance under Indian Constitution and Governance includes how privacy regulation creates enforceable duties for organisations handling personal data. Privacy, data protection and accountable digital administration recur in RAS because they now sit at the intersection of rights, governance and public policy.

Source

Related questions