The Fractional Take with Anjali Gupta: Ep.7 - Is DPDPA the End of Performance Marketing?

December 16, 2025Updated on: June 08, 2026

All Podcasts The Fractional Take with Anjali Gupta: Ep.7 - Is DPDPA the End of Performance Marketing?

Summary

The Digital Personal Data Protection Act (DPDPA) has triggered a wave of uncertainty across the marketing industry. With strict new governance on data collection, many are wondering if traditional performance tactics like retargeting and personalization are effectively dead.

In this episode of The Fractional Take, Anjali Gupta separates the panic from the reality. Her verdict? The DPDPA won't kill marketing - but it will kill lazy marketing. The days of treating customer data like personal property are gone, and the focus must shift entirely to CRM hygiene and first-party data.

What's covered in the video

  • The Consent Shift: Why "implied" consent no longer holds up and how to make permissions real and revocable.

  • First-Party Data: Why your CRM is now your most valuable asset.

  • The End of "Grey" Tactics: Why buying lists and scraping data are now dangerous liabilities.

  • Trust vs. Reach: How to maintain personalization and automation in a privacy-first world.

DPDPA Compliance Summary: Quick Reference for Marketing Teams

If the episode made you want to audit your current setup or brief your agency, here is the structured reference to work from. The table below maps the key compliance areas DPDPA touches, what the act specifically requires in each, and the practices it makes unacceptable.

Compliance Area What DPDPA Requires What Is No Longer Acceptable
Consent Explicit, documented, and revocable consent tied to a specific stated purpose Implied consent, pre-checked boxes, or blanket permission language
Purpose limitation Data collected for one purpose cannot be reused for another without fresh, separate consent Adding a transaction customer into a marketing automation workflow without obtaining additional consent
CRM data governance Consent status must be logged alongside contact records; data must be deleted once its stated purpose is fulfilled Storing personal data indefinitely or using it for purposes not declared at the point of collection
First-party data Direct data relationships must be built through owned channels: newsletters, loyalty programs, logged-in experiences, preference centers Purchasing third-party contact lists or scraping websites to populate a database
Retargeting and lookalike audiences Permitted only where the seed list or audience data is documentably consented Uploading purchased or ungoverned databases to ad platforms to build custom or lookalike audiences
Agency and vendor access The brand must own all ad accounts, pixels, CRM integrations, and server-side tracking setups; agencies can access, not own Agencies holding independent ownership of platform accounts or unrestricted access to customer data
Children's data No tracking, profiling, behavioral analytics, or targeted advertising for users under 18 Any form of behavioral targeting, data collection, or ad personalization applied to minors
Cross-border data transfers Permitted only to countries on a government-approved list, with contractual safeguards documented Unrestricted cross-border data sharing with vendors or partners in unlisted countries

For the full breakdown, including a GDPR comparison, a detailed dos and don'ts checklist, and practical guidance on restructuring your data and martech stack, read the companion white paper: Data Responsibility in India: What the DPDP Act Means for Modern Marketers.

December 16, 2025

Updated on: June 08, 2026

How relevant and useful is this article for you?

Popular Resources