IMPACT OF INDIA'S DIGITAL PERSONAL DATA PROTECTION ACT ON STARTUPS AND SMEs
Aarthi, A and UMA SHANMUGAB PRIYAA, M (2026) IMPACT OF INDIA'S DIGITAL PERSONAL DATA PROTECTION ACT ON STARTUPS AND SMEs. White Black Legal, 3 (6). pp. 1537-1625. ISSN 2581-8503
![[thumbnail of IMPACT OF INDIA'S DIGITAL PERSONAL DATA PROTECTION ACT ON STARTUPS AND SMEs.pdf]](https://ir.vistas.ac.in/style/images/fileicons/text.png)
Text
IMPACT OF INDIA'S DIGITAL PERSONAL DATA PROTECTION ACT ON STARTUPS AND SMEs.pdf
Download (1MB)
Abstract
The Digital Personal Data Protection Act, 2023 (DPDPA 2023) represents India's most
comprehensive legislative response to the global imperative of data governance. Enacted after
a prolonged legislative journey spanning over a decade, the Act fundamentally reconstitutes
the legal relationship between individuals as 'Data Principals' and entities processing their
personal data as 'Data Fiduciaries'. While the Act's enactment has been broadly welcomed as
a landmark step toward aligning India's data governance framework with international best
practices, the specific implications for India's burgeoning startup and Small and Medium
Enterprise (SME) ecosystem—which together contribute approximately 30% to India's Gross
Domestic Product and employ more than 120 million persons—have received
disproportionately limited scholarly attention.
This dissertation undertakes a systematic doctrinal analysis of the DPDPA 2023 to examine
and critically evaluate the compliance burden it imposes upon startups and SMEs in India. The
research proceeds from the identification of a significant gap in existing scholarship: while the
General Data Protection Regulation (GDPR) of the European Union has generated an
extensive body of empirical and doctrinal literature on its differential impact across enterprise
categories, comparable analysis for the Indian statute is conspicuously absent. This gap is
significant not merely in academic terms but carries material policy consequences, given that
India had over 1,17,000 recognised startups as of March 2024, with an estimated 84% of these
being micro-enterprises with limited capital resources and nascent compliance infrastructure.
The research employs a doctrinal methodology, engaging in systematic legal analysis of the
text, structure, and interpretive implications of the DPDPA 2023, its legislative history, the
published Draft DPDP Rules 2025, constitutional provisions relating to privacy and
fundamental rights, and comparative data protection statutes including the GDPR, the
California Consumer Privacy Act (CCPA), and the Personal Information Protection Law
| Item Type: | Article |
|---|---|
| Subjects: | Legal Studies > Information Technology Law |
| Depositing User: | Mr IR Admin |
| Last Modified: | 11 May 2026 09:29 |
| URI: | https://ir.vistas.ac.in/id/eprint/17103 |
Actions (login required)
- View Item