Skip to main content

Rule 2: Definitions

Rule 2 provides the key definitions that are used throughout the Digital Personal Data Protection Rules, 2025. These definitions ensure clarity and consistency in interpretation.

  • Act means the Digital Personal Data Protection Act, 2023.
  • Board refers to the Data Protection Board of India established under the Act.
  • Consent Manager means an entity registered with the Board that enables Data Principals to give, manage, review, and withdraw their consent in a transparent manner.
  • Grievance Officer refers to the person appointed by a Data Fiduciary to address complaints from Data Principals.
  • Significant Data Fiduciary means a Data Fiduciary notified as such by the Central Government on the basis of factors such as the volume and sensitivity of data processed, risks of harm to Data Principals, or impact on sovereignty and integrity of India.
  • Schedule refers to the schedules annexed to the Rules, which form an integral part of them.

By laying down these definitions at the outset, Rule 2 ensures that all stakeholders — Data Principals, Data Fiduciaries, Consent Managers, and regulators — interpret the Rules in a uniform manner.