New framework: DPDPA (2025 Act rules) now available in Scrut

What's new?

Scrut now supports the India Digital Personal Data Protection Act (DPDPA) with the fully integrated 2025 Rules. The 2025 Rules introduce operational mandates, explicit timelines, statutory forms, and systemic parameters. Scrut has carried out a complete re-engineering of the underlying content library and control mappings to align with the updated ruleset.

Why was this needed?

The 2025 DPDPA Rules transform the high-level legal principles of the original act into rigid operational mandates, covering areas like granular consent, breach notification mechanics, data principal rights, and enhanced requirements for Significant Data Fiduciaries. Scrut's integrated framework lets you align your India privacy program to the current rule baseline that customers and auditors expect.

How it works

• Navigate to Compliance -> Frameworks and locate DPDPA (2025 Act rules) in the Frameworks Library.

• Add the framework to your active frameworks to begin tracking your posture against the combined Act and 2025 Rules.

• Review your compliance posture from a single dashboard, covering all key requirement areas including consent, breach notification, and data principal rights.

• Use Scrut's cross-framework mapping to automatically match existing evidence from frameworks such as ISO/IEC 27001:2022 and the EU GDPR to corresponding DPDPA controls, auto-populating up to 65% of your requirements.

• Use Compliance -> Controls and related assessments to track and manage your DPDPA work alongside your other active frameworks.

Need help?

Your Customer Success Manager (CSM) is always ready to help if you need assistance. Explore all recent product updates → View now.