Glossary · Consent Manager

What Is a Consent Manager Under DPDPA?

DPDPA creates Consent Managers as Board-registered intermediaries — think UPI for consent — so individuals can give, review, and withdraw permissions in one place.

Last reviewed: 17 July 2026

Definition

A Consent Manager is a person or platform registered with the Data Protection Board of India that acts as a single point of contact for individuals to give, manage, review, and withdraw their consent — defined under Section 2(g) of the DPDPA, 2023. Think of it like a UPI app, but for consent: instead of managing permissions separately with every business, a Data Principal can handle them all through one accessible, transparent, and interoperable platform. Under Section 6(7)–(9), Consent Managers are accountable to the Data Principal and must meet registration conditions set out in the DPDP Rules, 2025.

How this matters in practice

Most SMBs won't become Consent Managers — but you must be ready to integrate with them and honour consent given or withdrawn through one. Privigo builds your consent lifecycle infrastructure — capture, records, withdrawal handling — so you're interoperable from day one. Our free gap analysis shows where your current consent flow falls short. Fully remote delivery, anywhere in India.

Frequently asked questions

Does my business need to register as a Consent Manager?

No — almost certainly not. Consent Managers are specialised intermediary platforms, not ordinary businesses. Your business is likely a Data Fiduciary, which means your obligation is to obtain valid consent and honour requests routed through a Consent Manager, not to become one yourself.

What are the requirements to become a Consent Manager under the 2025 Rules?

The DPDP Rules, 2025 require registration with the Data Protection Board and set conditions including incorporation in India, minimum net-worth thresholds, sound operational and technical capacity, and avoidance of conflicts of interest with Data Fiduciaries. The platform must be interoperable and cannot itself read the personal data it helps transfer.

What happens when a customer withdraws consent through a Consent Manager?

The withdrawal has the same legal effect as if given directly to you (Section 6(6)). You must stop processing their data for that purpose within a reasonable time and have your Data Processors do the same — unless another legal ground permits continued processing. Your systems need to act on these signals promptly.

Official sources

Make your consent stack interoperable

Book a 30-minute call to see where your consent capture and withdrawal flows need work before Consent Manager integrations become table stakes.

Book a demo Free Gap Analysis

Disclaimer: Privigo is not a law firm. This page provides operational compliance guidance only. For institution-specific obligations, work with qualified Indian legal counsel.