

A Consent Manager is one of the DPDP Act's most distinctive ideas, something even GDPR does not have. It is a registered intermediary platform through which individuals can give, manage, review, and withdraw consent for their personal data, all in one place.
To operate as a Consent Manager, a platform must be incorporated in India, have a net worth of at least ₹2 crore, be registered with the Data Protection Board, be interoperable across services, and retain consent records for 7 years. Registration opens and becomes mandatory in November 2026.
For most businesses, the practical question is not "should we become a Consent Manager" but "is our DPDP consent management ready", meaning valid consent flows, records, and withdrawal mechanisms before the 13 November 2026 deadline.
No cost. No obligation. Get your compliance gap report.
The Act sets a high bar. Consent is only valid if it meets all six conditions below, given through a clear affirmative action.
Given without pressure or coercion. You cannot force consent as the price of an unrelated service.
Tied to a clearly stated purpose. One broad "we may use your data" checkbox does not cover everything.
Backed by a plain-language notice explaining what data is collected, why, and what rights the person has.
Not bundled with other terms. Consent buried in your terms and conditions does not count.
A clear yes through affirmative action. Pre-ticked boxes, silence, and inactivity are all invalid.
Withdrawal must be as easy as giving consent. If signing up takes one click, opting out cannot take five.
Every consent request must be backed by a standalone, plain-language privacy notice, not something buried inside terms and conditions. The notice must include:
If the Data Protection Board ever asks "did this person consent?", your answer needs evidence. That means keeping a consent record for every individual:
Remember: even old customer data collected years ago needs valid consent. Building these records is a core part of DPDP implementation, and it is exactly what our Consent Management Setup service builds for you.
Consent rules and Consent Manager registration become mandatory on 13 November 2026, before full enforcement on 13 May 2027. With setup taking 2-6 months, consent is the workstream you cannot postpone.
Consent is the heart of the DPDP Act, but there is much more: penalties, breach rules, fiduciary duties, and deadlines. Our main guide covers it all.
Learn Everything About DPDP ComplianceA registered intermediary platform through which individuals can give, manage, review, and withdraw consent. It must be incorporated in India, have a net worth of at least ₹2 crore, be interoperable, be registered with the Data Protection Board, and retain consent records for 7 years.
Consent must be free, specific, informed, unconditional, and unambiguous, given through a clear affirmative action. Pre-ticked boxes and consent buried in terms and conditions do not count, and withdrawal must be as easy as giving consent.
On 13 November 2026, when the soft-enforcement window ends. Businesses need working consent systems, notices, and records in place before that date, and setup typically takes 2-6 months.
Yes. Privacy notices must be available in English plus any of the 22 scheduled Indian languages, written in plain language and presented as a standalone notice rather than being buried inside terms and conditions.
One free audit checks your consent flows, notices, and records against the DPDP Act, and shows you exactly what to fix.
Book Your Free DPDP AuditNo cost. No obligation. Get your compliance gap report.
Adri IT Software Solutions Pvt Ltd, an IT company based in Vadodara, helping businesses across Gujarat & India become DPDP-compliant before the deadline. Prefer to talk first? Let's Talk.
Disclaimer: This page is for general information only and is not legal advice. The content is based on the Digital Personal Data Protection Act, 2023 and the DPDP Rules, 2025 as published by the Government of India, explained here in simplified language. For the official text, please refer to the Ministry of Electronics and Information Technology (MeitY). Laws and deadlines may change. For a personalised assessment of your business, book a free DPDP audit with our team.