Supriya Mehta

Legal Counsel & Compliance Advisor at ComplyZero

Supriya Mehta specializes in Indian technology and data protection law, with deep expertise in the DPDP Act 2023 and its interplay with global frameworks like GDPR. She advises businesses across industries on compliance strategy, consent architecture, and regulatory readiness. Her writing translates complex legal provisions into actionable business guidance.

8 articles published

5 areas of expertise

Areas of Expertise

DPDP Act 2023Data Protection LawGDPRRegulatory ComplianceChildren's Data Protection

Topic Coverage

DPDP FundamentalsPenalties & EnforcementChildren's DataComparisons

Articles by Supriya Mehta

"Legitimate Uses" Under DPDP: When You Don't Need Consent

Section 7 of the DPDP Act 2023 defines nine grounds for processing personal data without consent. Here is what each one means, where businesses misread them, and how they differ from GDPR.

DPDP Act Exemptions: When the Law Does Not Apply

Section 17 of the DPDP Act 2023 carves out 10 categories of exempt processing. Here is what qualifies, what remains partially covered, and what businesses get wrong.

DPDP for Healthcare: How India's Data Protection Law Applies to Hospitals, HealthTech, and Clinical Research

Healthcare providers are Data Fiduciaries under DPDP. Here are the consent rules, breach obligations, research exemptions, and children's data carve-outs that apply specifically to your sector.

Data Principal Rights Under DPDP: Access, Correction, Erasure, and Nomination

A section-by-section guide to the four rights every Data Principal holds under India's DPDP Act 2023, plus the duties most businesses overlook.

Significant Data Fiduciary (SDF): Extra Obligations You Must Know

Section 10 of the DPDP Act creates a heightened compliance tier. If your organisation qualifies as an SDF, here is exactly what changes.

Who is a Data Fiduciary Under DPDP? Roles, Obligations, and Penalties

Section 2(i) of the DPDP Act makes every business that decides what data to collect a Data Fiduciary. Here are the obligations, penalties, and mistakes to avoid.

DPDP Act 2023: Complete Guide to India's Data Protection Law

A section-by-section guide to India's Digital Personal Data Protection Act, 2023, covering consent, data principal rights, penalties up to ₹250 crore, and the May 2027 enforcement deadline.

DPDP Rules 2025: Full Breakdown of India's Data Protection Rules (Compliance Deadline: May 2027)

A rule-by-rule breakdown of the DPDP Rules 2025: phased deadlines, consent notices, breach notification, security safeguards, and what Indian businesses must implement by May 2027.