ARTICLE
16 July 2025

Ministry Releases Business Requirement Document For Consent Management Under The DPDP Act, 2023

SR
S.S. Rana & Co. Advocates

Contributor

S.S. Rana & Co. Advocates logo
S.S. Rana & Co. is a Full-Service Law Firm with an emphasis on IPR, having its corporate office in New Delhi and branch offices in Mumbai, Bangalore, Chennai, Chandigarh, and Kolkata. The Firm is dedicated to its vision of proactively assisting its Fortune 500 clients worldwide as well as grassroot innovators, with highest quality legal services.
Explore Firm Details
The National e-Governance Division has released the Business Requirement Document for Consent Management under the DPDP Act, 2023 (hereinafter referred to as the "BRD").
India Privacy
Anuradha Gandhi and Rachita Thakur
Your Author LinkedIn Connections

Introduction

The National e-Governance Division has released the Business Requirement Document for Consent Management under the DPDP Act, 2023 (hereinafter referred to as the "BRD").

The BRD is released as a part of implementation of the DPDP Act, 2023, makes a formal document for Data Fiduciary on lookout for consent management mechanism. The BRD provides the mechanism to be adopted by the Data Fiduciaries and Data Processors to manage consent securely in compliance with the Indian Data Protection Law and also enables Data Principals to exercise their rights over their personal data.

Objectives

The BRD sets out to achieve:

  1. End-to-end consent lifecycle management in line with the requirements of the DPDP Act and its rules.
  2. Empowering Data Principals to control and manage their consent preferences and exercise their data rights via a user-centric platform
  3. Ensure compliance with the Data Privacy Act and Principles.

Key elements of Business Requirement Document

  1. Components of Consent Management Platform: It consists of consent collection, validation, renewal, update, withdrawal, cookie consent and audit logs with indicative flows for developing consent management system.
  2. Interoperability Guidance and Grievance Redressal between Data Principal, Data Fiduciary and Data Processor ensuring transparency, operational efficiency and compliance with real-time updates.
  3. Architectural interface and best practice for complaint logging, audit logs, resolution tracking and system administration.

For more information, please refer BRD at: https://d38ibwa0xdgwxx.cloudfront.net/whatsnew-docs/8d5409f5-d26c-4697-b10e-5f6fb2d583ef.pdf

Rishabh Gupta, Junior Associate Advocate at S.S.Rana & Co. has assisted in the research of this article.

For further information please contact at S.S Rana & Co. email: info@ssrana.in or call at (+91- 11 4012 3000). Our website can be accessed at www.ssrana.in

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Anuradha Gandhi
Anuradha Gandhi
Photo of Rachita Thakur
Rachita Thakur
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More