A Consent Manager under the DPDP Act 2023 is a person registered with the Data Protection Board who acts as a single point of contact for a Data Principal to manage, review, and withdraw consent given to multiple Data Fiduciaries. The Consent Manager must be accountable to the Data Principal and act on their instructions. This concept enables individuals to have a centralised dashboard for all their data consents across organisations, making it easier to exercise rights under the Act. In financial services, Consent Managers may integrate with the Account Aggregator framework already established by RBI.
The Consent Manager under Section 6(9) of the DPDP Act 2023 is designed to give individuals a single, accountable dashboard to grant, review and withdraw consent across many institutions. For the financial sector this is significant because Consent Managers may dovetail with the RBI Account Aggregator framework already in use, meaning a borrower could manage lending-related data consents through one registered intermediary. In practice, a lender relying on data shared via a Consent Manager must ensure the chain of consent is valid and that withdrawal is honoured promptly, because the Consent Manager acts on the data principal's instructions, not the institution's. The operational challenge is wiring internal systems so that a withdrawal flowing through a Consent Manager actually halts further processing. Getting it wrong — continuing to process after consent is pulled through the manager — converts a routine data flow into a contravention. Well-advised institutions test the Consent Manager integration before relying on it for live processing.
For specific advice on how Consent Manager applies to your debt recovery matter, consult Advocate Subodh Bajpai — LLM, MBA (XLRI Jamshedpur). 8+ years of exclusive banking and debt recovery practice across DRT, SARFAESI, IBC, and NI Act.
Defined by Advocate Subodh Bajpai, Senior Partner, Unified Chambers and Associates