The Digital Personal Data Protection Act has changed how housing societies must handle resident data, and brings in new responsibilities for both management committee members and community apps.
To align with DPDP requirements, ADDA has released the Consent Manager framework in the ADDA App and ADDA ERP.
This ensures:
- Clear segregation between legitimate society communication and promotional communication
- Resident-level consent tracking
- Ability to withdraw consent anytime
- Transparent logs for audit and dispute resolution
With this ADDA Becomes First Community App to release DPDP Act Compliant Consent Manager.
Let us understand how this works in practice.
Table of Contents
What Has Changed Under the DPDP Act for Housing Societies?
1. Management Committees Are Now Data Fiduciaries
The Management Committee is legally recognised as the entity responsible for resident data. This means the committee is accountable for how personal data is collected, stored, and used.
This responsibility is no longer informal. It is statutory.
2. Data Fiduciaries can face huge penalties (up to Rs. 250 Crores)
In case proper data protection measures have not been taken towards personal data breach or misuse, penalties for management committee members can go up to ₹250 crores.
3. Purpose Limitation Is Now Mandatory
Resident data collected for society operations must only be used for legitimate community purposes.
Society Admins collect resident data for the purpose of maintaining legal records, community related communication, visitor notifications, billing, and complaint management. It cannot automatically be used for unrelated commercial activity.
4. Explicit Consent Is Required for External or Promotional Use
If data is used outside legitimate society functions, explicit, documented consent becomes mandatory.
AGM approval does not count as individual consent.
Why did the need for Consent Manager Arise?
Consent Manager helps implement the concepts of Purpose Limitation and Explicit Consent – the 2 essential pillars of the DPDP Act of India.
Purpose limitation means that resident data collected by the society can only be used for legitimate community functions.
These include:
• Safety alerts
• AGM notices and statutory communication
• Finance Related communications
• Maintenance billing and payment updates
• Complaint management
• Visitor approvals and security coordination
These are essential functions of the RWA or Management Committee. For these purposes, explicit consent is not required because this is the very reason the data was collected in the first place. Residents also cannot opt out of these communications, since doing so would disrupt governance and daily operations.
However, when communication goes beyond core society functions, explicit consent becomes mandatory.
Examples include:
- Deals and offers from local brands
- Sponsored newsletters
- Third-party promotional campaigns
- Advertisements displayed inside the app
In such cases:
- Consent must be taken individually from each resident
- The purpose must be clearly explained
- Consent must be documented
- Withdrawal must be as simple as giving consent
- Essential community updates must remain unaffected
This structured separation between legitimate use and promotional use is what the Consent Manager enables.
What Consents Are Now Available Inside the ADDA App?
Residents can now view and manage consent directly from:
ADDA App → More → Settings → Consent Manager
The following categories are visible:
1. Essential Community Updates / Services
This remains mandatory for smooth society operations and cannot be opted out.
These include safety alerts, billing communication, visitor approvals, and statutory notices.
2. 3rd Party Deals & Offers from Community Office (Data Fiduciary)
This is optional consent.
If the society shares neighbourhood deals or sponsored offers, residents must explicitly opt in. They can disable this anytime from the app without affecting essential communication.
3. 3rd Party Deals & Offers from Community App (Data Processors)
This is displayed for transparency. ADDA does not independently send advertisements or promotional notifications. However, the framework accounts for this category from a compliance perspective.
Other community Apps who send promotions and advertisements from their end, should provide this as an option – using which app users should be able to withdraw consent from seeing advertisements in their Community App. And yes, there cannot be any charge associated with withdrawing consent, as providing consent and withdrawing should be similar to each other.
What Happens If a Resident Disables Promotional Consent?
If a resident chooses not to receive promotional communication:
- Promotional emails sent via Email Broadcast will not be delivered.
- Promotional announcement emails, app notifications, and in-app promotional messages will not be shown.
- Promotional in-app banners will not be displayed.
Essential community updates and operational services will continue without interruption.
There is no impact on billing, safety alerts, or governance communication.
How Does This Protect Management Committees?
The Consent Manager introduces clear operational discipline.
When sending announcements, Management Committees must classify whether a message is:
- Operational
or - Promotional
If marked promotional, only residents who have opted in will receive it.
In addition:
- Consent activity logs are available in ERP → Units & Users
- The community management team can track when consent was given, updated, or withdrawn
- Full visibility is maintained for audit or dispute situations
This provides documented proof of compliance.
Why Is This Structurally Important for Governance?
A housing society app is a governance system, not a marketing channel.
The Consent Manager creates a clean separation between:
- Legitimate society purpose
- Promotional or external use
This separation reduces legal exposure and improves transparency.
It also reinforces trust between residents and the Management Committee.
What Are the Benefits of the Consent Manager?
- Ensures DPDP-aligned compliance for communities
- Builds greater trust and transparency with residents
- Creates clear separation between essential and promotional communication
- Gives residents real control over their data preferences
Most importantly, it operationalises consent instead of treating it as a checkbox.
Final Thought
The DPDP Act has made one thing clear.
Resident data belongs to residents.
Management Committees (Data Fiduciaries) are responsible for lawful use. The Consent Manager ensures that this responsibility is supported by structure, transparency, and documented control.