IDfy Wins MeitY-NeGD DPDP Innovation Challenge as India Nears Privacy Law Enforcement
IDfy Wins DPDP Innovation Challenge as India Nears Privacy Law Enforcement

Baldor Technologies Pvt. Ltd., operating as IDfy, has won the Code for Consent: The DPDP Innovation Challenge, a competition organized by MeitY Startup Hub in collaboration with the National e-Governance Division (NeGD) under the Ministry of Electronics and Information Technology. Jio Platforms Limited secured the runner-up position. The evaluation noted IDfy's strong alignment with the Digital Personal Data Protection Act, alongside innovation, technical robustness, and practical applicability of its privacy and data governance platform, with consent management serving as the entry point to end-to-end DPDP implementation. MeitY Startup Hub and NeGD tested consent management systems on technical, functional, and legal readiness through live demonstrations, as enterprises brace for enforcement of the Digital Personal Data Protection Act.

Significance for India's Privacy Landscape

The result positions IDfy, a 15-year-old trust stack company, and its Privy platform at a critical juncture in India's transition from privacy readiness to privacy execution. As thousands of enterprises prepare for the operational demands of the DPDP Act, the challenge tested a capability that will soon become critical: proving, in practice, that organizations can obtain and manage user consent, govern the personal data that flows from it, and produce verifiable evidence under India's new privacy law.

Challenge Designed for Real-World Compliance

The challenge was designed to surface systems capable of supporting consent and data governance at the scale India's privacy regime under the Digital Personal Data Protection Act, 2023, will demand. With DPDP implementation moving closer, consent is evolving from a compliance afterthought to a system-level requirement, while privacy and data governance are becoming enterprise infrastructure. The government-backed challenge signaled the need for solutions that work in real-world enterprise environments rather than only on paper.

Wide Pickt banner — collaborative shopping lists app for Telegram, phone mockup with grocery list

For organizations, DPDP execution requires visibility into where personal data resides, how it is classified, how it moves across systems and vendors, where risks exist, and whether evidence can be produced when required. This makes capabilities such as data discovery and classification, DSPM, third-party risk management, privacy impact assessments, and rights management central to compliance. Entries were assessed across technical, functional, and legal compliance readiness, followed by final presentations and live demonstrations before winners were declared. For the broader market, the challenge signals that DPDP compliance will not be limited to consent notices but will depend on connected systems that can govern consent, data, risk, rights, and evidence across the enterprise.

Privy Platform: From Consent to Comprehensive Governance

IDfy built Privy as a privacy and data governance platform for enterprises preparing for DPDP implementation at scale. The company's argument, validated by the evaluation, is that consent capture is only the entry point to DPDP readiness. Once an enterprise starts collecting consent at volume, it must answer harder questions: where personal data actually resides, how it moves between systems and vendors, who has access to it, how data principal rights are fulfilled when a user asks, and whether the organization can produce verifiable evidence when a regulator comes calling.

Privy covers consent governance, data discovery and classification through Data Compass, data principal rights management, privacy risk assessments, third-party risk management, privacy-enhancing technologies, DSPM, and compliance evidence across the enterprise. It draws on IDfy's 15 years of work in identity verification, fraud prevention, and risk intelligence, domains where operating at scale and producing audit-ready records are already table stakes.

Pickt after-article banner — collaborative shopping lists app with family illustration

Industry Perspective

"The DPDP Act is forcing a boardroom shift in how companies treat trust and accountability," said Malcolm Gomes, COO of IDfy and head of Privy. "What made this challenge different was the depth of the evaluation. It wasn't a pitch. We were tested on legal readiness, technical robustness, and interoperability, then had to demonstrate it live. That validated something we've argued for a while: consent capture is the easy part. The hard part is governing data across discovery, access, rights, and evidence at enterprise scale, and being able to prove it. With IDfy's 15 years of experience in building trust infrastructure for Indian enterprises, Privy brings the same execution depth to privacy and data governance. This recognition from MeitY Startup Hub and NeGD strengthens our belief that India needs DPDP infrastructure that is scalable, interoperable, technically robust, and built for real-world adoption."

Market Shift from Checklist to Infrastructure

The recognition arrives as privacy readiness climbs the boardroom agenda. Personal data now moves across products, vendors, and customer journeys in ways that a legal checklist or a one-time software install cannot govern. Enterprises in regulated and high-growth sectors are increasingly treating DPDP compliance as operational infrastructure that must run continuously rather than a project that closes. That demand is visible in Privy's footprint. The platform is currently a trusted choice for enterprises across banking, insurance, NBFCs, fintech, ecommerce, telecom, and professional services, including Axis Bank, HSBC, Federal Bank, Shriram Finance, Aditya Birla Capital, Housing.com, Airtel, Shoppers Stop, and Teleperformance, among others. The company reports over 50 live implementations across enterprise environments, covering close to 500 million users and processing between 70 and 80 million consent notices, making it one of the largest ongoing DPDP implementation efforts in the country.

Extending the TrustStack into Privacy

For IDfy, privacy governance is a logical extension rather than a pivot. Fifteen years in identity verification and fraud prevention has given the company an understanding of India's personal data landscape that is hard to shortcut: the languages a consent notice has to speak, the phygital flows where paper and digital collection meet, and the industry-specific ways Indian enterprises actually handle customer data. IDfy has been shaping India's trust and data protection landscape for a decade and a half, building what it calls its TrustStack across customer, employee, partner, and vendor journeys. Privy carries that same posture—scale, interoperability, and audit-ready evidence—into the privacy and data governance layer. These worlds are now converging. The questions enterprises ask about AI, cybersecurity, and privacy used to sit in separate rooms, but a single incident today rarely respects those boundaries. A data exposure can quickly become a cyber incident, a privacy obligation, a vendor risk issue, and an AI governance concern simultaneously. Privy sits at that intersection, helping enterprises build the control and evidence layer needed to manage trust in a more complex digital ecosystem.

The public release of the result brings wider visibility to a bet IDfy placed before DPDP implementation became urgent: that Indian enterprises would need practical infrastructure to honor data principal rights and prove accountability at scale. As the DPDP implementation deadline approaches, that question will stop being theoretical for thousands of enterprises and the data principals they serve. The systems that will answer it are being chosen now.

About IDfy and Privy

IDfy is a 15-year-old trust infrastructure company that helps businesses build compliant, trusted digital ecosystems across identity verification, fraud prevention, risk intelligence, and privacy governance. It works with enterprises across banking, financial services, ecommerce, telecom, gaming, mobility, and other high-growth sectors. With Privy by IDfy, it extends this trust infrastructure into privacy and data governance. Privy by IDfy is IDfy's privacy and data governance platform, built to help enterprises operationalize DPDP readiness at scale. The platform supports consent governance, data principal rights management, cookie governance, data discovery and classification, privacy impact assessments, third-party risk management, incident response, and compliance evidence across the data lifecycle.