Business

IDfy Wins MeitY-NeGD DPDP Innovation Challenge as India Moves Closer to Privacy Enforcement

Jul 08, 2026

PRNewswire
Mumbai (Maharashtra) [India], July 8: Baldor Technologies Pvt. Ltd., which operates as IDfy, has won Code for Consent: The DPDP Innovation Challenge, a competition run by MeitY Startup Hub in collaboration with the National e-Governance Division (NeGD) under the Ministry of Electronics and Information Technology. Jio Platforms Limited was named runner-up. In its evaluation, the organisers noted that IDfy's submission showed strong alignment with the Digital Personal Data Protection Act, alongside notable innovation, technical robustness, and the practical applicability of its privacy and data governance platform, with consent management as the entry point to end-to-end DPDP implementation. MeitY Startup Hub and NeGD tested consent management system s on technical, functional, and legal readiness through live demonstrations, as enterprises brace for enforcement of the Digital Personal Data Protection Act.
The result places IDfy, a 15-year-old trust stack company, and Privy by IDfy, its privacy and data governance platform, at an important point in India's transition from privacy readiness to privacy execution. As thousands of enterprises prepare for the operational demands of the DPDP Act, the challenge tested a capability that will soon become critical: proving, in practice, that organisations can obtain and manage user consent, govern the personal data that flows from it, and produce verifiable evidence under India's new privacy law.
A challenge built around a looming deadline
The challenge was designed to surface systems capable of supporting consent, and the data governance around it, at the scale India's privacy regime under the Digital Personal Data Protection Act, 2023, will demand. That framing matters. With DPDP implementation moving closer, consent is moving from a compliance afterthought to a system-level requirement, while privacy and data governance are becoming enterprise infrastructure. The government-backed challenge signalled the need for solutions that can work in real-world enterprise environments, rather than only on paper.
For organisations, DPDP execution will require visibility into where personal data resides, how it is classified, how it moves across systems and vendors, where risks exist, and whether evidence can be produced when required. That makes capabilities such as data discover & classification, DSPM, third-party risk management, privacy impact assessments, and rights management central to compliance.
Entries were assessed across technical, functional, and legal compliance readiness, followed by final presentations and live demonstrations before winners were declared. For the broader market, the challenge is a signal of where regulatory expectations are heading: DPDP compliance will not be limited to consent notices, but will depend on connected systems that can govern consent, data, risk, rights, and evidence across the enterprise.
The platform behind the win
IDfy built Privy as a privacy and data governance platform for enterprises preparing for DPDP implementation at scale. The company's argument, and the one the evaluation appears to have validated, is that consent capture is only the entry point to DPDP readiness. Once an enterprise starts collecting consent at volume, it has to answer harder questions: where does personal data actually reside, how does it move between systems and vendors, who has access to it, how are data principal rights fulfilled when a user asks, and can the organisation produce verifiable evidence when a regulator comes calling.
Privy is built to handle that broader arc. The platform covers consent governance, data discovery and classification through Data Compass, data principal rights management, privacy risk assessments, third-party risk management, privacy-enhancing technologies, DSPM, and compliance evidence across the enterprise. It draws on IDfy's 15 years of work in identity verification, fraud prevention, and risk intelligence, domains where operating at scale and producing audit-ready records are already table stakes.
"The DPDP Act is forcing a boardroom shift in how companies treat trust and accountability," said Malcolm Gomes, COO of IDfy and head of Privy. "What made this challenge different was the depth of the evaluation. It wasn't a pitch. We were tested on legal readiness, technical robustness, and interoperability, then had to demonstrate it live. That validated something we've argued for a while: consent capture is the easy part. The hard part is governing data across discovery, access, rights, and evidence at enterprise scale, and being able to prove it. With IDfy's 15 years of experience in building trust infrastructure for Indian enterprises, Privy brings the same execution depth to privacy and data governance. This recognition from MeitY Startup Hub and NeGD strengthens our belief that India needs DPDP infrastructure that is scalable, interoperable, technically robust, and built for real-world adoption."
A market moving from checklist to infrastructure
The recognition arrives as privacy readiness climbs the boardroom agenda. Personal data now moves across products, vendors, and customer journeys in ways that a legal checklist or a one-time software install cannot govern. Enterprises in regulated and high-growth sectors are increasingly treating DPDP compliance as operational infrastructure, something that has to run continuously rather than a project that closes.
That demand is visible in Privy's footprint. The platform is currently a trusted choice for enterprises across banking, insurance, NBFCs, fintech, ecommerce, telecom, and professional services, including Axis Bank, HSBC, Federal Bank, Shriram Finance, Aditya Birla Capital, Housing.com, Airtel, Shoppers Stop, and Teleperformance, among others. The company reports 50-plus live implementations across enterprise environments. Across these deployments, Privy covers close to 500 million users and has processed between 70 and 80 million consent notices, making it one of the largest ongoing DPDP implementation efforts in the country.
Extending the TrustStack into privacy
For IDfy, privacy governance is a logical extension rather than a pivot. Fifteen years in identity verification and fraud prevention has given the company an understanding of India's personal data landscape that is hard to shortcut: the languages a consent notice has to speak, the phygital flows where paper and digital collection meet, and the industry-specific ways Indian enterprises actually handle customer data. This is not a company that arrived with the law. It has been shaping India's trust and data protection landscape for a decade and a half, building what it calls its TrustStack across customer, employee, partner, and vendor journeys. Privy carries that same posture, scale, interoperability, and audit-ready evidence, into the privacy and data governance layer.
These worlds are now beginning to converge. The questions enterprises ask about AI, cybersecurity, and privacy used to sit in separate rooms, but a single incident today rarely respects those boundaries. A data exposure can quickly become a cyber incident, a privacy obligation, a vendor risk issue, and an AI governance concern at the same time. Privy sits at that intersection, helping enterprises build the control and evidence layer needed to manage trust in a more complex digital ecosystem.
The public release of the result brings wider visibility to a bet IDfy placed before DPDP implementation became urgent: that Indian enterprises would need practical infrastructure to honour data principal rights and prove accountability at scale. As the DPDP implementation deadline approaches, that question will stop being theoretical for thousands of enterprises and the data principals they serve. The systems that will answer it are being chosen now.
About IDfy
IDfy is a 15-year-old trust infrastructure company that helps businesses build compliant, trusted digital ecosystems across identity verification, fraud prevention, risk intelligence, and privacy governance. It works with enterprises across banking, financial services, ecommerce, telecom, gaming, mobility, and other high-growth sectors. With Privy by IDfy, it extends this trust infrastructure into privacy and data governance.
About Privy by IDfy
Privy by IDfy is IDfy's privacy and data governance platform, built to help enterprises operationalise DPDP readiness at scale. The platform supports consent governance, data principal rights management, cookie governance, data discovery and classification, privacy impact assessments, third-party risk management, incident response, and compliance evidence across the data lifecycle.
Logo: https://mma.prnewswire.com/media/3004810/Privy_by_IDfy_Logo.jpg
(ADVERTORIAL DISCLAIMER: The above press release has been provided by PRNewswire. ANI will not be responsible in any way for the content of the same)