{"id":981,"date":"2026-06-05T11:52:30","date_gmt":"2026-06-05T10:52:30","guid":{"rendered":"https:\/\/www.befisc.com\/fintechsherlock\/?p=981"},"modified":"2026-06-08T17:31:09","modified_gmt":"2026-06-08T16:31:09","slug":"dpdp-act-kyc-compliance-fintech","status":"publish","type":"post","link":"https:\/\/www.befisc.com\/fintechsherlock\/dpdp-act-kyc-compliance-fintech\/","title":{"rendered":"DPDP Act and KYC: What Fintech Companies Need to Know About India&#8217;s New Data Protection Framework"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">India&#8217;s Digital Personal Data Protection Act 2023 and the DPDP Rules notified in November 2025 \u2014 with an 18-month compliance deadline of May 2027 \u2014 have changed the legal landscape for every organisation that processes customer personal data. For fintechs and NBFCs, the impact is particularly acute: KYC workflows are inherently data-intensive, involving the collection of <a href=\"https:\/\/www.befisc.com\/fintechsherlock\/kyc-api-integration-guide\/\">Aadhaar, PAN, photographs, financial statements<\/a>, and address proof. The same data flows that satisfy RBI KYC requirements are now subject to a second, overlapping compliance framework with its own consent, retention, purpose limitation, and data rights obligations. Non-compliance attracts penalties up to \u20b9250 crore. 
This guide explains what the DPDP Act changes for KYC-intensive fintechs and what dual compliance \u2014 RBI plus DPDP \u2014 actually requires in operational terms.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Table of Contents<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>The Dual Compliance Mandate: RBI KYC + DPDP Act<\/li>\n\n\n\n<li>Consent Under DPDP: What Changes for KYC Data Collection<\/li>\n\n\n\n<li>Purpose Limitation and Data Minimisation in KYC Workflows<\/li>\n\n\n\n<li>KYC Data Retention: Reconciling RBI and DPDP Requirements<\/li>\n\n\n\n<li>Vendor and LSP Obligations Under DPDP<\/li>\n\n\n\n<li>Building DPDP-Compliant KYC Workflows: A Practical Framework<\/li>\n\n\n\n<li>Key Takeaways<\/li>\n\n\n\n<li>Frequently Asked Questions<\/li>\n\n\n\n<li>Conclusion<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>The Dual Compliance Mandate: RBI KYC + DPDP Act<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">India&#8217;s fintech ecosystem now operates under two intersecting compliance regimes. The <a href=\"https:\/\/www.befisc.com\/fintechsherlock\/kyc-remediation-guide-india\/\">RBI KYC Master Directions<\/a> establish what data must be collected, from whom, and how it must be verified. The DPDP Act establishes how that data may be used, how long it can be retained, and what rights the data subject has over it. The two frameworks share the objective of protecting consumers, but they do not always align on the operational details \u2014 creating genuine complexity for compliance teams.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The most important point of interaction is consent. The DPDP Act requires explicit, informed consent for the collection and processing of personal data, with a clear statement of purpose. 
The RBI KYC Master Directions permit \u2014 and in some cases require \u2014 the collection of <a href=\"https:\/\/www.befisc.com\/fintechsherlock\/identity-verification-providers-evaluation-guide\/\">identity and financial data<\/a> as a regulatory obligation. The DPDP Rules clarify that &#8220;legitimate use&#8221; \u2014 processing necessary to comply with a law or regulation \u2014 can substitute for consent in specific cases. For RBI-mandated KYC, this means the legal basis for data collection is the regulatory obligation rather than consent. However, any processing that goes beyond the minimum required for regulatory compliance \u2014 such as using KYC data for marketing or <a href=\"https:\/\/www.befisc.com\/fintechsherlock\/credit-risk-assessment-hidden-signals-lenders-miss\/\">credit scoring beyond the origination decision<\/a> \u2014 requires specific consent.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Fintechs that use KYC data for purposes beyond the RBI mandate \u2014 cross-selling, behavioural profiling, <a href=\"https:\/\/www.befisc.com\/fintechsherlock\/bank-statement-analysis-api-how-lenders-automate-underwriting\/\">alternative credit scoring<\/a> \u2014 must ensure that consent for these additional purposes is separately obtained, clearly described, and revocable by the customer on request.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Consent Under DPDP: What Changes for KYC Data Collection<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The DPDP Act requires that consent be free, specific, informed, and revocable. The consent notice must describe in plain language: what data is being collected, the specific purpose for which it will be used, with whom it will be shared, and how long it will be retained. 
Pre-checked boxes, bundled consents (one consent for multiple unrelated purposes), or consents buried in terms and conditions do not meet the standard.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For fintech KYC workflows, this has two operational implications. First, the <a href=\"https:\/\/www.befisc.com\/fintechsherlock\/automated-identity-verification-guide\/\">onboarding consent flow<\/a> must clearly distinguish between data collected to satisfy RBI KYC requirements (for which the legal basis is regulatory obligation) and data collected for any additional purpose (for which explicit consent is required). Second, the consent record \u2014 including the timestamp, the consent text presented to the user, and the user&#8217;s affirmative action \u2014 must be maintained for the <a href=\"https:\/\/www.befisc.com\/fintechsherlock\/aml-compliance-software-evaluation\/\">audit trail required under the DPDP Rules<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Fintechs using LSPs (Lending Service Partners) or <a href=\"https:\/\/www.befisc.com\/fintechsherlock\/identity-verification-providers-evaluation-guide\/\">third-party KYC<\/a> vendors must ensure that their vendor contracts specify that the vendor will only process data for the stated purposes and will not retain, share, or reuse KYC data beyond what the fintech has disclosed to the customer. A vendor data processing agreement that is silent on purpose limitation and retention is a DPDP Act compliance risk.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Purpose Limitation and Data Minimisation in KYC Workflows<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Purpose limitation \u2014 the requirement that data collected for one purpose not be used for a different, unrelated purpose without fresh consent \u2014 creates a direct constraint on how KYC data can be used downstream. 
Data collected for <a href=\"https:\/\/www.befisc.com\/fintechsherlock\/aadhaar-ekyc-process\/\">Aadhaar-based eKYC<\/a> at account opening cannot subsequently be used for location analytics, marketing segmentation, or <a href=\"https:\/\/www.befisc.com\/fintechsherlock\/employment-verification-api-lending-india\/\">alternative credit modelling<\/a> without specific consent for each of those purposes.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Data minimisation \u2014 collecting only what is necessary for the stated purpose \u2014 creates pressure on KYC workflows that have historically collected more data than required. An onboarding flow that requests income documents, employment details, and utility bills when only Aadhaar and PAN are required for the KYC purpose must justify each additional data point. The DPDP Rules place the burden of justification on the Data Fiduciary (the fintech) rather than requiring the user to object.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For<a href=\"https:\/\/www.befisc.com\/fintechsherlock\/biometric-verification-kyc-banks-fintechs\/\"> biometric data <\/a>\u2014 which is classified as sensitive personal data \u2014 stricter handling obligations apply. Aadhaar biometric authentication data retrieved via UIDAI cannot be stored locally under UIDAI rules; this restriction is reinforced by DPDP. Any <a href=\"https:\/\/www.befisc.com\/fintechsherlock\/deepfake-video-kyc-fraud-detection\/\">liveness check data<\/a> that constitutes biometric information must have a defined retention purpose and deletion schedule.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>KYC Data Retention: Reconciling RBI and DPDP Requirements<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The <a href=\"https:\/\/www.befisc.com\/fintechsherlock\/kyc-remediation-guide-india\/\">RBI KYC Master Directions <\/a>require Regulated Entities to retain KYC records for at least five years after the end of the business relationship. 
PMLA requires transaction records to be maintained for ten years. The DPDP Act requires that personal data be retained only for as long as necessary for the purpose for which it was collected \u2014 with mandatory deletion once the purpose is fulfilled or the legal retention period expires.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For most KYC data, the RBI and PMLA retention obligations define the minimum retention period, and the DPDP Rules recognise that legal obligations can extend the retention period beyond what the DPDP Act&#8217;s default minimisation principle would otherwise require. The operative conclusion: KYC records must be retained for the period required by the applicable financial regulation, and must be deleted \u2014 with a documented deletion log \u2014 at the end of that period.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The practical challenge is not the retention period itself but the deletion process. Many fintech data architectures retain data indefinitely in data warehouses and analytics pipelines. The DPDP Rules require that deletion be technically enforced, not just policy-stated. Organisations that have not built data<a href=\"https:\/\/www.befisc.com\/fintechsherlock\/aml-compliance-software-evaluation\/\"> lifecycle management<\/a> into their architecture \u2014 with automated deletion triggers at the end of defined retention periods \u2014 face significant remediation effort before the May 2027 compliance deadline.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Vendor and LSP Obligations Under DPDP<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The DPDP Act places obligations on both Data Fiduciaries (the entity that determines the purpose and means of processing) and Data Processors (entities that process data on behalf of the Fiduciary, under contract). 
For fintechs, any <a href=\"https:\/\/www.befisc.com\/fintechsherlock\/kyc-api-integration-guide\/\">third-party KYC <\/a>vendor, LSP, or verification API provider that handles customer personal data is a Data Processor.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The fintech must ensure that its contracts with these processors include specific provisions: limitations on data use (processor may only use data for the services provided), security standards, deletion obligations at contract termination, sub-processing restrictions, and breach notification timelines. A vendor who is ISO 27001 certified provides a baseline security assurance but not automatically a DPDP compliance assurance \u2014 the contractual obligations must be separately addressed.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For <a href=\"https:\/\/www.befisc.com\/fintechsherlock\/video-kyc-solution-api-rbi\/\">Aadhaar-based KYC vendors<\/a>, the UIDAI framework already imposes strict data handling restrictions that align with DPDP&#8217;s requirements. However, for non-Aadhaar verification data \u2014<a href=\"https:\/\/www.befisc.com\/fintechsherlock\/gst-verification-api-how-it-works\/\"> PAN, GST, document images<\/a> \u2014 the DPDP data processor obligations must be explicitly addressed in vendor agreements.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Building DPDP-Compliant KYC Workflows: A Practical Framework<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">A DPDP-compliant KYC workflow for fintechs has six components. First, a <a href=\"https:\/\/www.befisc.com\/fintechsherlock\/automated-identity-verification-guide\/\">layered consent architecture<\/a> that clearly separates regulatory-basis data collection from consent-basis processing, with a separate consent for each additional use case. Second, a purpose limitation registry that documents, for every data point collected, the purpose, legal basis, retention period, and deletion trigger. 
Third,<a href=\"https:\/\/www.befisc.com\/fintechsherlock\/risk-based-kyc-tiered-compliance-model\/\"> data minimisation review <\/a>\u2014 a periodic audit of what data is being collected against what is required for each stated purpose. Fourth, <a href=\"https:\/\/www.befisc.com\/fintechsherlock\/aml-compliance-software-evaluation\/\">vendor data processing agreements<\/a> that explicitly address all DPDP requirements for each processor in the data chain. Fifth, a data subject rights workflow \u2014 enabling customers to access, correct, and request deletion of their data, with a 30-day response SLA mandated by the Rules. Sixth, a <a href=\"https:\/\/www.befisc.com\/fintechsherlock\/money-mule-detection\/\">breach response protocol <\/a>\u2014 the DPDP Rules require notification to the Data Protection Board within 72 hours of becoming aware of a personal data breach.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>DPDP Act Implementation Roadmap for Fintechs: Where to Start<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">With the DPDP Act compliance deadline of May 2027 approaching, fintechs and NBFCs that have not yet begun structured implementation planning face increasing time pressure. The scope of changes required \u2014 consent architecture redesign, data lifecycle management implementation, vendor contract restructuring, and data subject rights workflow creation \u2014 is not achievable in the final three months before the deadline. The organisations that will be compliant on time are those that have structured their implementation as a phased programme beginning now.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The implementation roadmap that most compliance teams are following has four phases. Phase one (months one to three) is data mapping: creating a comprehensive inventory of what personal data is collected, where it is stored, how long it is retained, with whom it is shared, and what the legal basis for each processing activity is. 
Without this foundation, subsequent compliance work is directionally blind.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Phase two (months three to six) is gap analysis: comparing the data map against DPDP Act requirements, identifying where the current processing activities do not meet the standard (purpose limitation violations, consent gaps, retention periods without deletion enforcement, vendor contracts without adequate data processor obligations).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Phase three (months six to fifteen) is remediation: implementing the changes identified in the gap analysis \u2014 restructuring consent flows, building data deletion automation, renegotiating <a href=\"https:\/\/www.befisc.com\/fintechsherlock\/aml-compliance-software-evaluation\/\">vendor contracts<\/a>, creating the data subject rights handling workflow, and establishing the<a href=\"https:\/\/www.befisc.com\/fintechsherlock\/corporate-fraud-in-india-patterns-risk-signals-and-prevention-frameworks\/\"> breach notification process<\/a>. Phase four (months fifteen to eighteen) is audit and validation: testing the implemented controls against the DPDP Rules requirements, conducting a mock Data Protection Board inspection, and confirming that the implemented changes are functioning as designed. 
Beginning this programme now is not premature \u2014 it is necessary.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Key Takeaways<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The DPDP Act creates a dual compliance mandate alongside RBI KYC requirements \u2014 the same KYC data flows now have both regulatory obligations and data protection obligations.<\/li>\n\n\n\n<li>Consent under DPDP must be free, specific, and revocable \u2014 bundled or pre-checked consents do not comply; KYC data used beyond the regulatory minimum requires separate, explicit consent.<\/li>\n\n\n\n<li>Purpose limitation restricts the use of KYC data to the stated purpose \u2014 using Aadhaar eKYC data for marketing or alternative scoring without specific consent is a DPDP violation.<\/li>\n\n\n\n<li>KYC data retention must align with RBI\/PMLA minimum periods AND include automated deletion at the end of those periods \u2014 indefinite retention in data warehouses is non-compliant.<\/li>\n\n\n\n<li>Vendor and LSP contracts must explicitly address DPDP data processor obligations \u2014 ISO 27001 certification is necessary but not sufficient for DPDP compliance.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Frequently Asked Questions<\/strong><\/h2>\n\n\n\n<div class=\"wp-block-gutena-accordion gutena-accordion-block gutena-accordion-block-bece9c-7a is-layout-flow wp-block-gutena-accordion-is-layout-flow\" data-single=\"true\">\n<div class=\"wp-block-gutena-accordion-panel gutena-accordion-block__panel\">\n<div class=\"wp-block-gutena-accordion-panel-title gutena-accordion-block__panel-title\"><div class=\"gutena-accordion-block__panel-title-inner\">\n<h6 class=\"wp-block-heading\" style=\"margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px\"><strong>Q: How does the DPDP Act affect KYC processes for fintechs?<\/strong><\/h6>\n<div class=\"trigger-up-down\"><div class=\"horizontal\"><\/div><div class=\"vertical\"><\/div><\/div><\/div><\/div>\n\n\n\n<div 
class=\"wp-block-gutena-accordion-panel-content gutena-accordion-block__panel-content\"><div class=\"gutena-accordion-block__panel-content-inner\">\n<p class=\"wp-block-paragraph\" style=\"margin-top:0;margin-bottom:0\"><em>The DPDP Act adds data governance obligations \u2014 consent, purpose limitation, retention schedules, vendor controls, and data subject rights \u2014 on top of the RBI KYC Master Directions. It does not replace KYC requirements, but it restricts how KYC data can be used, how long it can be retained, and what rights customers have over it. Fintechs must operate both frameworks simultaneously.<\/em><\/p>\n<\/div><\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-gutena-accordion gutena-accordion-block gutena-accordion-block-ede3f7-db is-layout-flow wp-block-gutena-accordion-is-layout-flow\" data-single=\"true\">\n<div class=\"wp-block-gutena-accordion-panel gutena-accordion-block__panel\">\n<div class=\"wp-block-gutena-accordion-panel-title gutena-accordion-block__panel-title\"><div class=\"gutena-accordion-block__panel-title-inner\">\n<h6 class=\"wp-block-heading\" style=\"margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px\"><strong>Q: Do fintechs need consent for KYC data collection under the DPDP Act?<\/strong><\/h6>\n<div class=\"trigger-up-down\"><div class=\"horizontal\"><\/div><div class=\"vertical\"><\/div><\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-gutena-accordion-panel-content gutena-accordion-block__panel-content\"><div class=\"gutena-accordion-block__panel-content-inner\">\n<p class=\"wp-block-paragraph\" style=\"margin-top:0;margin-bottom:0\"><em>Not necessarily for the minimum data required by the RBI KYC mandate \u2014 the legal basis for that collection is the regulatory obligation, not consent. 
However, any use of KYC data beyond the regulatory purpose (marketing, profiling, cross-selling) requires explicit, specific consent that is separately obtained and revocable.<\/em><\/p>\n<\/div><\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-gutena-accordion gutena-accordion-block gutena-accordion-block-e4e21b-33 is-layout-flow wp-block-gutena-accordion-is-layout-flow\" data-single=\"true\">\n<div class=\"wp-block-gutena-accordion-panel gutena-accordion-block__panel\">\n<div class=\"wp-block-gutena-accordion-panel-title gutena-accordion-block__panel-title\"><div class=\"gutena-accordion-block__panel-title-inner\">\n<h6 class=\"wp-block-heading\" style=\"margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px\"><strong>Q: What are the penalties for DPDP Act non-compliance in India?<\/strong><\/h6>\n<div class=\"trigger-up-down\"><div class=\"horizontal\"><\/div><div class=\"vertical\"><\/div><\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-gutena-accordion-panel-content gutena-accordion-block__panel-content\"><div class=\"gutena-accordion-block__panel-content-inner\">\n<p class=\"wp-block-paragraph\" style=\"margin-top:0;margin-bottom:0\"><em>Penalties under the DPDP Act reach up to \u20b9250 crore for significant violations, including failure to implement adequate security safeguards and failure to honour data subject rights. 
The Data Protection Board of India has the authority to investigate complaints and impose financial penalties.<\/em><\/p>\n<\/div><\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-gutena-accordion gutena-accordion-block gutena-accordion-block-c9aff1-b7 is-layout-flow wp-block-gutena-accordion-is-layout-flow\" data-single=\"true\">\n<div class=\"wp-block-gutena-accordion-panel gutena-accordion-block__panel\">\n<div class=\"wp-block-gutena-accordion-panel-title gutena-accordion-block__panel-title\"><div class=\"gutena-accordion-block__panel-title-inner\">\n<h6 class=\"wp-block-heading\" style=\"margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px\"><strong>Q: When is the DPDP Act compliance deadline?<\/strong><\/h6>\n<div class=\"trigger-up-down\"><div class=\"horizontal\"><\/div><div class=\"vertical\"><\/div><\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-gutena-accordion-panel-content gutena-accordion-block__panel-content\"><div class=\"gutena-accordion-block__panel-content-inner\">\n<p class=\"wp-block-paragraph\" style=\"margin-top:0;margin-bottom:0\"><em>The DPDP Rules 2025 were notified in November 2025 with an 18-month compliance deadline \u2014 placing the deadline at May 2027. However, organisations that have not begun compliance planning by mid-2026 face significant remediation challenges, particularly around data lifecycle management and vendor contract restructuring.<\/em><\/p>\n<\/div><\/div>\n<\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Conclusion<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The DPDP Act does not make compliance harder for fintechs that have already built thoughtful, minimal KYC workflows. It makes compliance harder for those that have historically collected more data than needed, retained it longer than required, and shared it more broadly than customers expected. 
The May 2027 deadline is close enough that the planning and implementation work needs to start now \u2014 particularly for data lifecycle management, vendor contract restructuring, and consent architecture redesign, which are not quick fixes.<\/p>\n","protected":false},"excerpt":{"rendered":"India&#8217;s Digital Personal Data Protection Act 2023 and the DPDP Rules notified in November 2025 \u2014 with an&hellip;","protected":false},"author":8,"featured_media":1013,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"csco_singular_sidebar":"","csco_page_header_type":"","csco_page_load_nextpost":"","footnotes":""},"categories":[5],"tags":[399,397,400,398],"class_list":["post-981","post","type-post","status-publish","format-standard","has-post-thumbnail","category-resources","tag-dpdp-act-fintech","tag-dpdp-act-india","tag-fintech-compliance-india","tag-kyc-compliance-india","cs-entry"],
"yoast_head_json":{"title":"DPDP Act and KYC: What Fintech Companies Must Know","description":"How India's DPDP Act 2023 and DPDP Rules 2025 change KYC data handling for fintechs \u2014 covering consent, retention, vendor obligations, and what the dual compliance mandate means in practice.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.befisc.com\/fintechsherlock\/dpdp-act-kyc-compliance-fintech\/","og_locale":"en_GB","og_type":"article","og_title":"DPDP Act and KYC: What Fintech Companies Must Know","og_description":"How India's DPDP Act 2023 and DPDP Rules 2025 change KYC data handling for fintechs \u2014 covering consent, retention, vendor obligations, and what the dual compliance mandate means in practice.","og_url":"https:\/\/www.befisc.com\/fintechsherlock\/dpdp-act-kyc-compliance-fintech\/","og_site_name":"BeFiSc","article_published_time":"2026-06-05T10:52:30+00:00","article_modified_time":"2026-06-08T16:31:09+00:00","og_image":[{"width":1392,"height":784,"url":"https:\/\/www.befisc.com\/fintechsherlock\/wp-content\/uploads\/2026\/06\/DPDP-Act-and-KYC-What-Fintech-Companies-Need-to-Know-About-Indias-New-Data-Protection-Framework.png","type":"image\/png"}],"author":"Chailsee yadav","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Chailsee yadav","Estimated reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.befisc.com\/fintechsherlock\/dpdp-act-kyc-compliance-fintech\/#article","isPartOf":{"@id":"https:\/\/www.befisc.com\/fintechsherlock\/dpdp-act-kyc-compliance-fintech\/"},"author":{"name":"Chailsee yadav","@id":"https:\/\/web.befisc.com\/fintechsherlock\/#\/schema\/person\/6b4fa6213a7742947b3a7717dcd5615e"},"headline":"DPDP Act and KYC: What Fintech Companies Need to Know About India&#8217;s New Data Protection 
Framework","datePublished":"2026-06-05T10:52:30+00:00","dateModified":"2026-06-08T16:31:09+00:00","mainEntityOfPage":{"@id":"https:\/\/www.befisc.com\/fintechsherlock\/dpdp-act-kyc-compliance-fintech\/"},"wordCount":2111,"commentCount":0,"publisher":{"@id":"https:\/\/web.befisc.com\/fintechsherlock\/#organization"},"image":{"@id":"https:\/\/www.befisc.com\/fintechsherlock\/dpdp-act-kyc-compliance-fintech\/#primaryimage"},"thumbnailUrl":"https:\/\/www.befisc.com\/fintechsherlock\/wp-content\/uploads\/2026\/06\/DPDP-Act-and-KYC-What-Fintech-Companies-Need-to-Know-About-Indias-New-Data-Protection-Framework.png","keywords":["DPDP Act fintech","DPDP Act India","fintech compliance India","KYC compliance India"],"articleSection":["Resources"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.befisc.com\/fintechsherlock\/dpdp-act-kyc-compliance-fintech\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.befisc.com\/fintechsherlock\/dpdp-act-kyc-compliance-fintech\/","url":"https:\/\/www.befisc.com\/fintechsherlock\/dpdp-act-kyc-compliance-fintech\/","name":"DPDP Act and KYC: What Fintech Companies Must Know","isPartOf":{"@id":"https:\/\/web.befisc.com\/fintechsherlock\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.befisc.com\/fintechsherlock\/dpdp-act-kyc-compliance-fintech\/#primaryimage"},"image":{"@id":"https:\/\/www.befisc.com\/fintechsherlock\/dpdp-act-kyc-compliance-fintech\/#primaryimage"},"thumbnailUrl":"https:\/\/www.befisc.com\/fintechsherlock\/wp-content\/uploads\/2026\/06\/DPDP-Act-and-KYC-What-Fintech-Companies-Need-to-Know-About-Indias-New-Data-Protection-Framework.png","datePublished":"2026-06-05T10:52:30+00:00","dateModified":"2026-06-08T16:31:09+00:00","description":"How India's DPDP Act 2023 and DPDP Rules 2025 change KYC data handling for fintechs \u2014 covering consent, retention, vendor obligations, and what the dual compliance mandate means in 
practice.","breadcrumb":{"@id":"https:\/\/www.befisc.com\/fintechsherlock\/dpdp-act-kyc-compliance-fintech\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.befisc.com\/fintechsherlock\/dpdp-act-kyc-compliance-fintech\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.befisc.com\/fintechsherlock\/dpdp-act-kyc-compliance-fintech\/#primaryimage","url":"https:\/\/www.befisc.com\/fintechsherlock\/wp-content\/uploads\/2026\/06\/DPDP-Act-and-KYC-What-Fintech-Companies-Need-to-Know-About-Indias-New-Data-Protection-Framework.png","contentUrl":"https:\/\/www.befisc.com\/fintechsherlock\/wp-content\/uploads\/2026\/06\/DPDP-Act-and-KYC-What-Fintech-Companies-Need-to-Know-About-Indias-New-Data-Protection-Framework.png","width":1392,"height":784},{"@type":"BreadcrumbList","@id":"https:\/\/www.befisc.com\/fintechsherlock\/dpdp-act-kyc-compliance-fintech\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.befisc.com\/fintechsherlock\/"},{"@type":"ListItem","position":2,"name":"DPDP Act and KYC: What Fintech Companies Need to Know About India&#8217;s New Data Protection Framework"}]},{"@type":"WebSite","@id":"https:\/\/web.befisc.com\/fintechsherlock\/#website","url":"https:\/\/web.befisc.com\/fintechsherlock\/","name":"BeFiSc","description":"Founder 
Articles","publisher":{"@id":"https:\/\/web.befisc.com\/fintechsherlock\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/web.befisc.com\/fintechsherlock\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/web.befisc.com\/fintechsherlock\/#organization","name":"BeFiSc","url":"https:\/\/web.befisc.com\/fintechsherlock\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/web.befisc.com\/fintechsherlock\/#\/schema\/logo\/image\/","url":"https:\/\/www.befisc.com\/fintechsherlock\/wp-content\/uploads\/2025\/06\/befiscsymbol.png","contentUrl":"https:\/\/www.befisc.com\/fintechsherlock\/wp-content\/uploads\/2025\/06\/befiscsymbol.png","width":508,"height":120,"caption":"BeFiSc"},"image":{"@id":"https:\/\/web.befisc.com\/fintechsherlock\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/web.befisc.com\/fintechsherlock\/#\/schema\/person\/6b4fa6213a7742947b3a7717dcd5615e","name":"Chailsee yadav","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/secure.gravatar.com\/avatar\/1bd43e74edffa6494c6b2aa707e92cd52e04c1319d36fb8b57e2945bb6ca2a2c?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/1bd43e74edffa6494c6b2aa707e92cd52e04c1319d36fb8b57e2945bb6ca2a2c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1bd43e74edffa6494c6b2aa707e92cd52e04c1319d36fb8b57e2945bb6ca2a2c?s=96&d=mm&r=g","caption":"Chailsee 
yadav"},"url":"https:\/\/www.befisc.com\/fintechsherlock\/author\/chailsee-yadav\/"}]}},"_links":{"self":[{"href":"https:\/\/www.befisc.com\/fintechsherlock\/wp-json\/wp\/v2\/posts\/981","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.befisc.com\/fintechsherlock\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.befisc.com\/fintechsherlock\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.befisc.com\/fintechsherlock\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/www.befisc.com\/fintechsherlock\/wp-json\/wp\/v2\/comments?post=981"}],"version-history":[{"count":1,"href":"https:\/\/www.befisc.com\/fintechsherlock\/wp-json\/wp\/v2\/posts\/981\/revisions"}],"predecessor-version":[{"id":983,"href":"https:\/\/www.befisc.com\/fintechsherlock\/wp-json\/wp\/v2\/posts\/981\/revisions\/983"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.befisc.com\/fintechsherlock\/wp-json\/wp\/v2\/media\/1013"}],"wp:attachment":[{"href":"https:\/\/www.befisc.com\/fintechsherlock\/wp-json\/wp\/v2\/media?parent=981"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.befisc.com\/fintechsherlock\/wp-json\/wp\/v2\/categories?post=981"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.befisc.com\/fintechsherlock\/wp-json\/wp\/v2\/tags?post=981"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}