DPDP Basics
DPDP Consent Requirements Explained in 3 Minutes
Published on August 28, 2024
Consent under the DPDP Act is strict, and most websites in India violate it without realizing.
Here is the simplified version.
What Counts as Valid Consent?
- Free — no forced or bundled consent
- Specific — separate for each purpose
- Informed — user knows what & why
- Unambiguous — clear opt in
- Revocable — users can withdraw anytime
If you do not meet all five, the consent is invalid.
Invalid Consent Examples
- Pre ticked checkboxes
- “By continuing you agree to everything”
- One checkbox for 20 purposes
- Consent forced to use the website
Valid Consent Examples
- “I agree to receive marketing emails.” (separate checkbox)
- “I agree to the processing of my academic records for admission.”
- “I agree to share my data with XYZ vendor.”
Right to Withdraw
Users must be able to withdraw consent easily via:
- account settings
- form
- support request
Withdrawal must be as easy as giving consent.
What Organizations Must Do
- store consent logs
- record when consent was given
- record how consent was given
- stop processing if user withdraws
This is one of the simplest but most commonly violated parts of the Act.
Ready to Secure Your Compliance?
Explore our services and take the next step towards DPDP readiness.