Optician India

The Digital Personal Data Protection (DPDP) Rules, 2025—officially notified on 14 November 2025—introduce a transformative compliance relief mechanism for micro and small businesses in India. One of the most relevant provisions for the optical and eye-care sector is the Small Entity (Small Data Fiduciary) Exemption, designed to ease the regulatory burden on low-volume practitioners who handle limited personal data.

Who Qualifies as a Small Entity?

• Handles low volumes of personal data (e.g., neighbourhood optical stores)

• Does not process sensitive health data at scale

• Classified as MSME or small-scale establishment

• Limited operations such as a single shop or rural practice

Major Compliance Exemptions for Small Entities

Small Entities are not required to:

• Appoint a Data Protection Officer (DPO)

• Conduct DPIAs

• Undergo annual third?party audits

• Maintain purpose registers

• Implement advanced grievance frameworks

• Deploy enterprise-grade cybersecurity systems

Obligations That Still Apply

• Clear privacy notice

• Explicit consent

• Purpose limitation

• Basic digital security

• Consent withdrawal & data deletion rights

• Reporting significant data breaches

• Parental consent for children’s data

When the Exemption Does Not Apply

• Large-scale processing of health data

• Large-scale children’s data (e.g., school screenings)

• Multi-outlet operations

• Automated profiling or targeted marketing

• Entities classified as Significant Data Fiduciaries

Practical Impact on India’s Optical Industry

Most Likely to Qualify for exemptions :

• Independent optical stores

• Solo optometry clinics

Not Likely to Qualify for exemptions:

• Multi-store optical chains

• High-volume speciality eye-care centres

• Franchise networks

Conclusion

The Small Entity Exemption offers a balanced framework that protects patient privacy while reducing compliance burdens for India’s optical and optometry sector.