GDPR cookie banners may not be enough for India

Web and app businesses serving Indian users may not meet India’s DPDP with a standard GDPR cookie banner. DPDP looks beyond cookies and covers personal data handled across the whole , including signup, payments, support, deletion requests, and consent records. India’s DPDP Rules were notified on November 14, 2025, and full enforcement of the main remaining provisions is scheduled for May 13, 2027, so the preparation window is getting shorter.

are described as reaching up to ₹250 crore in serious cases. Skope is presented as an India-focused tool that blocks scripts until consent is given, creates privacy notices in all 22 Eighth Schedule languages, stores consent receipts for audit records, and includes for user data rights requests, erasure, and parental consent checks.

Key points

  • India’s DPDP rules cover personal data across the service, not only cookies.
  • The DPDP Rules were notified on November 14, 2025, with full enforcement of key remaining provisions scheduled for May 13, 2027.
  • Possible are described as reaching up to ₹250 crore in serious cases.
  • Skope says it can block trackers before consent, create notices in 22 Indian scheduled languages, and keep consent records.
  • Solo SaaS builders targeting India should review signup, , ads, support, deletion, and parental consent flows.
Read original