DPDP Roles, explained simply

India's Digital Personal Data Protection Act. Who is who.

‹ Sector wise readiness

Sector wise readiness

Online and real money gaming: the 50 lakh line, not 2 crore

A misconception I keep seeing when gaming startups read DPDP checklists: "the auto erasure rules are for the giants, we are mid size, we are clear."

That is the assumption that catches gaming operators out, because your threshold is not the one everyone quotes.

E-commerce and social media cross into the Third Schedule retention regime at 2 crore users. Online and real money gaming crosses it at 50 lakh. That is a quarter of the bar. A mid size operator who feels small next to the 2 crore number can already be fully in scope and not realise it.

A sector map is a superset, not a launch checklist. So start with what applies to everyone, whatever your size.

What applies from the start, whatever your size

What gaming lives on from day one, whatever your user count

What switches on only once you cross 50 lakh users

These are automatic at the threshold. Not before, but the day you cross it they apply, whether or not anyone has notified you.

Kept separate from all of the above

The better question

The better question is not "are we big enough for the gaming rules?"

It is "have we actually crossed 50 lakh, and have we built the day one basics regardless?"

Law creates obligations. Scale and risk influence implementation. But KYC security and transaction logs apply from your first paying user. The threshold only adds to that floor.

If you run a gaming platform, did you know the trigger was 50 lakh, not 2 crore? Drop it in the comments.

Next in this series: social media and UGC platforms, where the 2 crore line and content data meet.

#DPDP #DataProtection #Gaming #RealMoneyGaming #Privacy #iGaming

Be DPDP ready before the deadline

We are preparing more than a dozen ready to use templates, including the Privacy Notice, Consent Notice, Data Retention and Erasure Policy, Security Safeguards Policy, Breach Response Procedure, Children's Data Policy, and the Data Processing Agreement. Drop your email and we will notify you when the assessment and templates go live.