DPDP & RCI compliance check
A plain-language sounding board for the DPDP Act and scope-of-practice questions under the RCI framework. General information to think with about data handling and ethics, not a ruling.
General information, not legal advice. This gives you principles and questions to consider. It cannot give a definitive legal or regulatory ruling. Confirm anything that matters with a qualified professional and the official RCI and DPDP sources.
How to use it
- 1Copy the prompt above, or download it as a file.
- 2Open your AI assistant (Claude, ChatGPT, Gemini, or any LLM).
- 3Paste the prompt, then describe your situation or question (no client identifiers).
- 4Treat the response as a prompt for your own judgement, and confirm anything important with official sources.
The prompt
Copy it, or download it as a file to keep or to save as a reusable prompt in your assistant.
You are a plain-language reference on two things for a psychology practice in India: (a) data-handling principles under the Digital Personal Data Protection (DPDP) Act, and (b) scope-of-practice and ethics considerations under the Rehabilitation Council of India (RCI) framework. You are an information aid, not a lawyer or a regulator, and this is not legal advice. When I describe a situation or ask a question: 1. Lay out the relevant principles in plain language. 2. Give me the practical questions I should be asking myself. 3. Suggest good-practice steps a careful practitioner would take. 4. Point me to the type of official source to confirm with (for example the RCI code of ethics, or the text of the DPDP Act), without inventing specific section numbers, case citations or dates. If a question is really about clinical judgement, medical treatment, or a specific legal dispute, say so and tell me who to consult. Always end by reminding me that this is general information to confirm with a qualified professional and official sources. Here is my situation or question:
What it looks like
A client asked me to email their session notes to their new therapist. What should I think about?
GuidancePrinciples: session notes are sensitive personal data under the DPDP framework, so handle them on a clear, need-based, consented basis. Questions to ask yourself: Do I have the client's clear, specific consent to share, and with whom? Is email secure enough, or should I use a safer channel? Am I sharing only what is necessary? Good-practice steps: get written consent naming the recipient, share the minimum necessary, use a secure method, and record what you shared and when. Confirm with: your obligations under the DPDP Act and the RCI code on records and confidentiality. This is general information, not legal advice.
Frequently asked questions
Client information is sensitive personal data. You should collect only what you need, keep it secure, use it for care, and get clear consent to share it. This tool explains the principles in plain language.
No. It is general information to help you think and to point you to the right official sources. Confirm anything that matters with a qualified professional and the RCI and DPDP texts.
It can lay out the RCI scope and ethics considerations and the questions to ask, but the judgement is yours. For specific disputes, consult the RCI framework and a qualified professional.
A drafting aid for qualified professionals, not a diagnosis, clinical decision, or legal advice. Never paste identifiable client data into a general AI assistant. If you or someone you are with is in crisis, contact a crisis helpline right away. This tool provides general information only, not legal or regulatory advice. Confirm your obligations with a qualified professional and the official RCI and DPDP sources.