
Podcast
AI and Brand Trust: What Marketers Are Missing in 2026
July 07, 2026
December 16, 2025Updated on: June 08, 2026
All Podcasts The Fractional Take with Anjali Gupta: Ep.7 - Is DPDPA the End of Performance Marketing?
The Digital Personal Data Protection Act (DPDPA) has triggered a wave of uncertainty across the marketing industry. With strict new governance on data collection, many are wondering if traditional performance tactics like retargeting and personalization are effectively dead.
In this episode of The Fractional Take, Anjali Gupta separates the panic from the reality. Her verdict? The DPDPA won't kill marketing - but it will kill lazy marketing. The days of treating customer data like personal property are gone, and the focus must shift entirely to CRM hygiene and first-party data.
The Consent Shift: Why "implied" consent no longer holds up and how to make permissions real and revocable.
First-Party Data: Why your CRM is now your most valuable asset.
The End of "Grey" Tactics: Why buying lists and scraping data are now dangerous liabilities.
Trust vs. Reach: How to maintain personalization and automation in a privacy-first world.
If the episode made you want to audit your current setup or brief your agency, here is the structured reference to work from. The table below maps the key compliance areas DPDPA touches, what the act specifically requires in each, and the practices it makes unacceptable.
| Compliance Area | What DPDPA Requires | What Is No Longer Acceptable |
|---|---|---|
| Consent | Explicit, documented, and revocable consent tied to a specific stated purpose | Implied consent, pre-checked boxes, or blanket permission language |
| Purpose limitation | Data collected for one purpose cannot be reused for another without fresh, separate consent | Adding a transaction customer into a marketing automation workflow without obtaining additional consent |
| CRM data governance | Consent status must be logged alongside contact records; data must be deleted once its stated purpose is fulfilled | Storing personal data indefinitely or using it for purposes not declared at the point of collection |
| First-party data | Direct data relationships must be built through owned channels: newsletters, loyalty programs, logged-in experiences, preference centers | Purchasing third-party contact lists or scraping websites to populate a database |
| Retargeting and lookalike audiences | Permitted only where the seed list or audience data is documentably consented | Uploading purchased or ungoverned databases to ad platforms to build custom or lookalike audiences |
| Agency and vendor access | The brand must own all ad accounts, pixels, CRM integrations, and server-side tracking setups; agencies can access, not own | Agencies holding independent ownership of platform accounts or unrestricted access to customer data |
| Children's data | No tracking, profiling, behavioral analytics, or targeted advertising for users under 18 | Any form of behavioral targeting, data collection, or ad personalization applied to minors |
| Cross-border data transfers | Permitted only to countries on a government-approved list, with contractual safeguards documented | Unrestricted cross-border data sharing with vendors or partners in unlisted countries |
For the full breakdown, including a GDPR comparison, a detailed dos and don'ts checklist, and practical guidance on restructuring your data and martech stack, read the companion white paper: Data Responsibility in India: What the DPDP Act Means for Modern Marketers.
December 16, 2025
Updated on: June 08, 2026
How relevant and useful is this article for you?