Non-profits collect, store, and process personal data every single day, from beneficiaries and donors to research participants and employees.
With the Digital Personal Data Protection Act, 2023 and the Digital Personal Data Protection Rules, 2025, data protection is now a statutory obligation for non-profits.
The law introduces clear obligations:
Lawful consent and notice
Security safeguards
Grievance redressal mechanisms
Defined retention timelines
Verifiable parental consent requirements
Research and health-related exemptions
We’ve released an updated DPDP Primer for Non-profits to help social sector organisations understand what the law requires and how to operationalise it in practice.
Read the primer: https://www.pacta.in/primers/dpdp-primer-2026