A Significant Data Fiduciary (SDF) under India's DPDP Act 2023 is an organisation designated by the government based on factors such as the volume and sensitivity of the personal data it processes and the risk to Data Principals. SDFs carry extra obligations in 2026: appointing an India-based Data Protection Officer, conducting DPIAs and periodic audits, and meeting heightened accountability requirements.
How SDFs are designated
The government can designate organisations as Significant Data Fiduciaries based on the volume and sensitivity of personal data processed and the potential risk to Data Principals and the public.
Extra obligations
SDFs must appoint a Data Protection Officer based in India and accountable to the board, conduct Data Protection Impact Assessments and periodic audits, and meet additional due-diligence requirements.
How to prepare
Stand up DPO capability (in-house or as-a-service), automate DPIA and audit readiness, and strengthen governance ahead of any designation.
FAQ
Yes. Significant Data Fiduciaries must appoint a Data Protection Officer based in India and accountable to their board under the DPDP Act 2023.