In today’s era of information and technology, a person browsing online leaves behind digital blueprints which reveal more about his personal information than he realises. The vulnerable data over online platforms could range from an individual’s name, profession, family, choices, etc., to sensitive information like medical records, sexual orientation, financial information, etc. The data-driven research and analysis by corporations and government entities of an individual’s finances, health conditions, political alignment, consumer habits, etc., transforms the raw data into actionable knowledge which suffers from a lack of consent or absence of quality consent and purpose-specific collection. The significance of data protection laws becomes pertinent in a civilisation that thrives on round-the-clock access to the internet and information sharing. The right to Privacy as a fundamental right was identified in India in K.S. Puttaswamy v. Union of India, which envisioned informational privacy within the realm of privacy jurisprudence. As the Supreme Court urged the Union to provide a robust system for data protection, after nearly six years, the Digital Data Protection Act, 2023, was passed, hailed as an unwavering government commitment towards data protection. Though the declaration initiated a dialogue surrounding the quintessential need for data protection, prior to that, the Information and Technology Act, 2000 and Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 determined responsibilities for data protection and affixing accountability for digital privacy. The paper will unpack the Act of 2023, juxtaposing it with its predecessors, and will undertake a comprehensive analysis of the touchstone of the European Union’s General Data Protection Regulation (GDPR). The aim is to establish how far the legislation has succeeded in realising the true essence of informational privacy and providing a mechanism to counteract the data controller’s unwarranted and nonconsensual data mining.