★ Founding Cohort open: limited seats remaining Back to main site →
Data Protection

DPDP Act 2023: Professional Certification

India's Digital Personal Data Protection Act 2023 and DPDP Rules 2025

Free All-levels 6 hours 8 modules ★ Founding Cohort: 1,000 seats left
★ Founding Cohort, DPDP Class of 2026. The first 1,000 learners to pass the final exam receive a permanent "Founding #N" badge on their certificate. 1,000 seats remaining.
8
Modules
35
Lessons
60
Exam questions
75%
Pass mark

A structured, citation-backed course covering the full Digital Personal Data Protection Act 2023 and the operational DPDP Rules 2025 notified by MeitY in November 2025. Lessons are written from the statutory text and triple-verified for accuracy.

What you will learn
  • Understand the constitutional and policy origins of the DPDP Act
  • Identify the five roles defined by the Act and your organisation's position
  • Operationalise the rights of data principals across access, correction, erasure, grievance, and nomination
  • Implement notice, consent, security, retention, and children's data obligations
  • Build a RoPA, DPIA, consent register, and breach response runbook
  • Apply the AI compliance principles introduced by the 2025 Rules
  • Navigate the Data Protection Board, penalty matrix, and appeals process
Prerequisites
  • No prior legal background required
  • Basic familiarity with how organisations collect and use personal data is helpful
Who this is for
  • Compliance and privacy professionals
  • In-house counsel and DPOs
  • Founders, product managers, engineering leads
  • Auditors, consultants, and policy researchers
About the author
AJ
Adv. Joginder Poswal
Course Author. Advocate and author of "DPDP Compliance for Indian Businesses".

Adv. Joginder Poswal is the founder of Poswal Law Office and the author of "DPDP Compliance for Indian Businesses: A Practical Guide for SMEs, Startups, and Founders". He brings 18 years of IT operations experience to legal practice, which gives the course a perspective most DPDP material lacks: it does not just explain what the law says, it explains what it means for how your systems actually work. This free educational course is based on the published book and the Government of India statutory text. It is intended as awareness material and does not constitute legal advice or solicitation.

No account to create. We email you a one-click link.
How we use your personal data DPDP notice
  • What we collect: name, email, IP address (for security logging), and course progress.
  • Why: to email you the one-click access link, deliver lessons, issue your certificate, and (with your consent) send course updates plus a Day-7 follow-up about dcomply.
  • How long: kept until you unsubscribe or request erasure.
  • Your rights under the DPDP Act 2023: access, correction, erasure, and grievance redressal. Write to dpo@dcomply.in to exercise any of them.
  • Unsubscribe any time using the link in every email we send you.
Certificate on completion. Pass mark 75%.
Curriculum

Syllabus

8 modules, 35 lessons. Click any module to expand.

Where India's data protection law came from, why it took six years, and how to read it.

  1. 1. Why this law, why now 8 min
  2. 2. How to read the law 7 min
  3. 3. Key definitions you must know 10 min
  4. 4. When does the Act apply to you? 8 min

Who is who, and why the role you sit in changes everything.

  1. 1. The Data Principal 7 min
  2. 2. The Data Fiduciary 9 min
  3. 3. The Data Processor 7 min
  4. 4. Significant Data Fiduciary and Consent Manager 9 min

Access, correction, erasure, grievance redressal, nomination, and the duties of a Data Principal.

  1. 1. Right to access information about personal data (Section 11) 7 min
  2. 2. Right to correction and erasure (Section 12) 8 min
  3. 3. Right of grievance redressal (Section 13) 6 min
  4. 4. Right to nominate (Section 14) 5 min
  5. 5. Duties of Data Principal (Section 15) 5 min

Notice, consent, security, retention, and the special rules for children's data and SDFs.

  1. 1. Lawful grounds for processing (Section 4) 6 min
  2. 2. Notice (Section 5 and Rule 3) 8 min
  3. 3. Certain legitimate uses (Section 7) 7 min
  4. 4. General obligations: security, breach, erasure, DPO contact (Section 8) 9 min
  5. 5. Children's data (Section 9 and Rule 10) 7 min

The practical artefacts every compliance program needs, with templates and worked examples.

  1. 1. Data mapping 8 min
  2. 2. Record of Processing Activities (RoPA) 7 min
  3. 3. Consent architecture 8 min
  4. 4. Breach response runbook 9 min
  5. 5. Retention design 7 min

When you become a Significant Data Fiduciary, how to scope and run a DPIA, and how to structure the DPO function.

  1. 1. Becoming a Significant Data Fiduciary 6 min
  2. 2. The Data Protection Officer 6 min
  3. 3. Data Protection Impact Assessment 8 min
  4. 4. Independent audit and algorithmic diligence 6 min

How the Board works, how investigations unfold, the penalty matrix, and the appeals path.

  1. 1. The Data Protection Board of India 6 min
  2. 2. The Schedule penalty matrix 6 min
  3. 3. Handling a Board inquiry 6 min
  4. 4. Voluntary undertakings, ADR, and the appeals path 5 min

How DPDPA principles apply to machine learning, generative AI, and modern AI systems.

  1. 1. The AI lifecycle under DPDPA 7 min
  2. 2. Data minimisation for AI systems 7 min
  3. 3. Notice and consent design for AI 6 min
  4. 4. Fairness, bias, and explainability 7 min
Educational content, not legal advice. This course is for educational and awareness purposes only. It does not constitute legal advice. The content is based on the Digital Personal Data Protection Act 2023 and DPDP Rules 2025 as published by the Government of India. For specific compliance decisions, organisations and individuals should consult a qualified data protection lawyer. Legal basis: DPDP Act 2023 (No. 22 of 2023) + DPDP Rules 2025 (G.S.R. 843(E)-846(E), notified 13 November 2025)