Sign In
By signing in or creating an account, you agree with Associated Broadcasting Company's Terms & Conditions and Privacy Policy.
By signing in or creating an account, you agree with Associated Broadcasting Company's Terms & Conditions and Privacy Policy.
New Delhi: The advertising and marketing ecosystem in India is in structural reset due to the implementation of the Digital Personal Data Protection (DPDP) Act. Amending the law, which was announced by the Ministry of Electronics and Information Technology (MeitY) on November 13, 2025, has fundamentally altered the way in which brands and agencies collect, store, and use consumer information.
Data minimisation through explicit consent, accountability, and data minimisation is at the heart of the DPDP Act that is compelling agencies to leave behind the legacy data practices. What used to be the order of the day, i.e., gathering superfluous information about the customer or depending on loosely regulated third-party tools, is now becoming a legal and operational risk. What they came out with is a new privacy-first playbook that redefines the ad industry in India.
According to ad agencies, the act demands a reassessment of the marketing processes. It encompasses CRM systems, analytics systems, human resources databases, and integrations.
The data privacy practice DPDP compels companies to reconsider the flow of personal information through all touchpoints, as Prashant Puri, co-founder and CEO of AdLift (Liqvd Asia), explains. Most of the brands already adhere to international standards such as GDPR, but DPDP brings new regulations specific to India, such as consent, the scope of purpose, and the responsibility of the vendor.
There is now explicit consent before data is gathered by agencies. Campaigns, newsletters and lead generation require the use of opt-in forms. Sharing of data that is stored is highly regulated, and teams are undergoing training on how to manage information in a responsible manner.
Agencies have implemented internal changes in order to meet the requirement. These would involve consent trackers, more rigorous data collection standards, new contracts, and new NDAs with clients and partners.
New SOPs are used to make sure that no unsolicited communication is received. The collection of data is focused on campaign-specific critical information. The retention periods are shorter. According to Chandan Sharma, the General Manager, Digital Media at Adani Group, we are no longer able to gather data that is nice-to-have.
Audits on vendors are also becoming common. DPDP is also being vetted to partners in martech and analytics, such as data storage location and methods.
Agencies are developing formal DPDP playbooks. Training of employees is now compulsory. Data ingestion processes, anonymisation processes, retention processes, and data destruction are being documented.
Privacy by design is invading campaign planning. According to Vaishal Dalal, co-founder of Excellent Publicity, users should be able to understand the use of their data clearly. The agencies are enhancing audio trails and revamping privacy notices to allow users to exercise privacy rights like the right to access and the right to delete data.
There is the close collaboration of creative, media, legal and tech teams. According to Yasin Hamidani, a director at Media Care Brand Solutions, all data-led decisions should be compliant, open and purpose-orientated.
These developments are increasing the operating costs. Competition Legal reviews, audits, secure data storage, consent management tools, and staff training are driving cost increases of 12-18 per cent in mid- and large-sized agencies.
In the case of smaller agencies, the pressure is greater. The compliance of DPDP demands serious systems rather than a rushed solution. The agencies that process high amounts of personal information are even higher.
Most of the costs are front-loaded, but the cost influences day-to-day operations. All campaigns must be documented, have evidence of consent, and be prepared to breach, Sharma said.
Brands are also being affected. Authenticated data is also more expensive, Sharma observed. Although the amount of ads has not declined, the logic of targeting is scrutinised more tightly.
Industry is changing to responsive reach as opposed to reach buying. Privacy-friendly targeting is now a luxury. Perhaps, the costs will increase 5-10 per cent, particularly in such areas as BFSI, healthcare, and e-commerce.
There are platforms that are imposing higher costs on compliant data processing. Costs of compliance are being transferred over to agencies. Generation of leads is shifting to quality. Privacy has turned out to be a cost of doing business in India in the new data regime.
