We’ve been collecting donor data for years. Do we need to go back and get new consent from all existing donors to comply with the DPDP Act?
Even prior to the enactment of the DPDP Act, you should have collected consent - since donor data would entail sensitive personal data under the Information Technology Act 2000 read with SPDI Rules. Hence you should collect consent at least applicable futuristically. Hope this helps!
You can read the Information Technology Act mentioned by @NiveditaPacta here.