DPDP 3.3.1 : DPDP and Blockchain – Case Study 1

“The blockchain won’t let me delete your data.” That is not a legal answer under Indian law.

Arjun resigned from his employer and asked them to erase his personal data. His HR team apologised — the data was on their blockchain-based verification system and, they said, could not be deleted.

Under Section 12(3) of the DPDP Act, 2023, every Data Principal has a statutory right to erasure. The Data Fiduciary must comply — unless retention is necessary for a specified purpose or legal obligation. The DPDP Act creates no exception for immutable ledgers.

Furthermore, Section 8(1) places non-derogable liability on the Data Fiduciary. An organisation cannot transfer that liability to its technology architecture.

IS Audit 3.0 by ICAI identifies legal and compliance uncertainty as a primary blockchain risk. Before the DPDP Act, that uncertainty was structural. Today, the law is clear.

The compliance design choices are not complicated — but they must be made at the architecture stage, not after deployment:

→ Store personal data off-chain. Record only a hash on the ledger. Delete the off-chain data on erasure request.
→ Alternatively, encrypt personal data before writing to the chain. On erasure request, delete the encryption key. The block remains — but it is unreadable.
→ For permissioned chains, build node-level governance with erasure-triggering protocols.

Arjun’s employer had an immutable ledger. However, they did not have an erasure plan. Those are two different problems — and only one of them was a technical constraint.

The DPDP Act compliance deadline is 13 May 2027. Blockchain architectures processing personal data today need an erasure design now.

Disclaimer

The contents of this post are intended for general awareness and informational purposes only. They do not constitute legal opinion, professional advice, consultancy, statutory interpretation, or a recommendation to act in any particular manner.

The Digital Personal Data Protection Act, 2023, related rules, notifications, regulatory guidance and judicial interpretations may evolve from time to time. The applicability of the law may also vary depending on the facts, sector, nature of data processing, organisational role, contractual terms and compliance framework.

Readers should not rely solely on this post for making legal, business, HR, technology, data-processing or compliance decisions. Specific advice from a qualified legal, privacy, cybersecurity, governance or compliance professional should be obtained before acting on any matter discussed.

The author / publisher shall not be responsible for any loss, liability, claim, penalty or consequence arising from reliance on the contents of this post without independent professional advice.


Authors:
This article has been co-authored by CA. Sunil Elayadath and CA. Karthik Narayanan S, Partners of Karthik & Sunil, together with Mr. Dhanesh P. K., Designated Partner, DSK Sustainability Tech.

DPDP 3.3.1 : DPDP and Blockchain – Case Study 1

DPDP Meets Emerging Technologies — Episode 3 – Introduction on Blockchain & DPDP

Blockchain and DPDP compliance


Blockchain and DPDP compliance do not come easily together — and that tension is one of the least-discussed compliance risks in India today.

Blockchain promises transparency, tamper-resistance, and decentralised trust. The DPDP Act, 2023 promises individuals the right to have their personal data erased. These two commitments point in opposite directions. The ledger wants to remember everything. The law says individuals have the right to be forgotten.

As organisations across India deploy blockchain in finance, supply chains, healthcare records, and identity verification, this conflict moves from theoretical to urgent. The full compliance deadline under the DPDP Act is 13 May 2027. Moreover, if your organisation’s blockchain architecture stores personal data today, the design decisions you make now will be far harder to reverse later.

Follow us to know more about this in the coming days.

DPDP Meets Emerging Technologies — Episode 3 – Introduction on Blockchain & DPDP