Data Protection Board of India
Data protection authority in India
From Wikipedia, the free encyclopedia
The Data Protection Board of India (DPBI) is an adjudicating body established under section 18[1] of the Digital Personal Data Protection Act, 2023. It is a body that adjudicates the dispute between those whose personal data has been given to a platform and the platform which has in turn breached the obligations under the Digital Personal Data Protection Act, 2023.[2]
- Mr.Ghosal Pankaraj IMS, Chairperson
| Adjudicatory Board overview | |
|---|---|
| Formed | 13 November 2025 |
| Jurisdiction | India |
| Headquarters | National Capital Region of India |
| Adjudicatory Board executive |
|
| Parent department | Ministry of Electronics and Information Technology |
Background
The events that lead to the establishment of the Data Protection Board of India are as follows:
- On 18 November 2022, the Ministry of Electronics and Information Technology released the Digital Personal Data Protection Bill, 2022 for public consultation.[3][4]
- On 5 July 2023, the cabinet approved the Digital Personal Data Protection Bill, 2023 which is the revised version of the bill which was put up for public consultation earlier.[5]
- On 3 August 2023, the Digital Personal Data Protection Bill, 2023 was introduced in Lok Sabha, the lower house of the Parliament of India.[6]
- On 7 August 2023, the Digital Personal Data Protection Bill, 2023 was passed by Lok Sabha.[7]
- On 9 August 2023, the Digital Personal Data Protection Bill, 2023 was introduced and passed by Rajya Sabha, the upper house of the Parliament of India.[8]
- On 11 August 2023, the President of India has given assent to the Digital Personal Data Protection Bill, 2023 which now makes it the Digital Personal Data Protection Act, 2023.[9][10]
- On 13 November 2025, the Data Protection Board of India was established.[11]
Structure
According to the section 18 of the Digital Personal Data Protection Act, 2023, the board shall consist a Chairperson.[1] Under the Digital Personal Data Protection Rules, 2025, the board shall consist a Chairperson along with members who will be appointed as per the extant rules.[12]
Powers and functions
- The Data Protection Board shall exercise and perform its powers on receipt of an intimation of personal data breach under sub-section (6) of section 8, to direct any urgent remedial or mitigation measures in the event of a personal data breach, and to inquire into such personal data breach and impose penalty as provided in the Digital Personal Data Protection Act, 2023
- To give directions for remediating or mitigating data breaches
- To inquire into data breaches and complaints and impose financial penalties
- To refer complaints for Alternate Dispute Resolution and to accept Voluntary Undertakings from Data Fiduciaries
- To advise the Government to block the website, app etc. of a Data Fiduciary who is found to repeatedly breach the provisions of the Bill
- Adjucate in case of dispute
- The Board shall determine whether there are sufficient grounds to proceed with an inquiry
- Impose penalty in case of breach of provisions in the Digital Personal Data Protection Act, 2023