DPDP Roles, explained simply

India's Digital Personal Data Protection Act. Who is who.

‹ Sector wise readiness

Sector wise readiness

Consent Managers: a role you apply for, not a sector you land in

Most posts in this series are about sectors you land in by what you build. This one is different. A Consent Manager is a role you apply for, and it runs on its own registration track, not the ordinary Data Fiduciary path.

Two things people get wrong right away

The timing trap. If a vendor is pitching you a "Consent Manager" product today, pause. Registration with the Board only opens around November 2026. Anything sold before then is a consent platform for your own use. It cannot yet be a registered Consent Manager. Buying one and believing you have discharged a statutory role is the trap.

It is a capitalised, tightly conditioned role, not a light label. To register under the First Schedule you must be an India incorporated company with a net worth of at least Rs 2 crore, sound management, and an independently certified interoperable platform. It is closer to a regulated financial intermediary than a SaaS signup.

The baseline still applies, as it does to everyone

Then the conditions specific to the role

The better question

The better question is not "can we buy a Consent Manager tool and tick this off?"

It is "are we trying to operate as a registered Consent Manager, where none of this is optional, or do we just need a consent platform for our own compliance?"

Law creates obligations. Scale and risk influence implementation. But if you take on this role, the First Schedule conditions apply in full from the start. There is no lightweight version of a fiduciary intermediary.

Are you being sold a "Consent Manager" that cannot actually be registered yet?

#DPDP #DataProtection #ConsentManagement #RegTech #Privacy #DigitalIndia

Be DPDP ready before the deadline

We are preparing more than a dozen ready to use templates, including the Privacy Notice, Consent Notice, Data Retention and Erasure Policy, Security Safeguards Policy, Breach Response Procedure, Children's Data Policy, and the Data Processing Agreement. Drop your email and we will notify you when the assessment and templates go live.