G.S.R. 844(E)
The establishment of the DPBI introduces real accountability and enforceability, making data protection a core compliance requirement rather than a theoretical obligation.
Type
Notified On
Effective From
Status
The Central Government, through notification G.S.R. 844(E) issued under the Digital Personal Data Protection Act, 2023, has formally established the Data Protection Board of India (DPBI) as the primary adjudicatory and enforcement authority under the Act. The Board comes into effect from the date of publication of the notification in the Official Gazette (13 November 2025), with its head office located in the National Capital Region (NCR).
The Data Protection Board of India is constituted as a statutory body empowered to exercise regulatory oversight, adjudicate disputes, and enforce compliance related to digital personal data protection. It functions as the central authority responsible for handling grievances, monitoring violations, and imposing penalties under the Act. The notification effectively activates the institutional backbone required to operationalize India’s data protection regime.
The primary objective of establishing the Board is to create a dedicated, accountable, and technology-driven enforcement mechanism. It is intended to ensure that the rights of Data Principals are protected while holding Data Fiduciaries responsible for lawful data processing. The Board also aims to bring speed, consistency, and transparency to dispute resolution and regulatory actions in the data protection ecosystem.
The notification has immediate and structural implications. First, it signals a transition from a policy framework to an enforceable regulatory regime, where non-compliance can now be actively investigated and penalized. Second, organizations must prepare for formal scrutiny, grievance handling, and audit-ready documentation, as enforcement is no longer theoretical. Third, it enhances trust and accountability in the digital economy by providing individuals with a clear redressal mechanism.
In essence, the establishment of the Data Protection Board of India converts the DPDP Act from a legislative promise into a functional compliance ecosystem, making data protection a real and enforceable business obligation.