There are several key nuances differentiating India's Digital Personal Data Protection Act and the EU General Data Protection Regulation, CoRover.ai founder and CEO Ankush Sabharwal writes in Forbes. He said one example is the DPDPA introducing the concept of "deemed consent," in which data controllers have the legal grounds to process an individual's personal information for the "explicit purpose for which the individual willingly shared their data," unless they withdraw it. Under the GDPR, a data controller must obtain "explicit and affirmative consent before collecting and processing user data."