BlogArrowProductArrow
consent-journey

Build consent journeys that minimize drop-offs

Aditya Patel

Director - Growth
December 4, 2025

Summary

  • Under DPDP, a consent collection notice must spell out data categories, specific purposes, language options and withdrawal process.
  • Most implementations either violate the law (simple checkbox) or add too many clicks (multi-step popups)
  • To minimise drop-offs, design consent boxes that:
  1. keep clicks to 1–2
  2. use simple, visible data categories, and
  3. show a clear language selector.
  • In this article we dive into the details
Read More
Download Blog as PDF
Content

Summary

  • Under DPDP, a consent collection notice must spell out data categories, specific purposes, language options and withdrawal process.
  • Most implementations either violate the law (simple checkbox) or add too many clicks (multi-step popups)
  • To minimise drop-offs, design consent boxes that:
  1. keep clicks to 1–2
  2. use simple, visible data categories, and
  3. show a clear language selector.
  • In this article we dive into the details

Under the DPDP Act, companies that process customers’ personal data must collect consent at the point of data collection.

Let's say you run a digital lending app, you collect the customer's name, mobile number, and email when they create an account.

Under DPDP, you will need to collect consent for this data right away. Not later, not earlier.

So now, there’s an extra compliance step you need to add to all customer journeys - leading to potential user fatigue and drop off risk.

This article will help you avoid these problems.

In this 3-minute explainer, we'll cover:

  • Why simple checkboxes don’t work under the DPDP Act
  • What the DPDP Act requires from your consent notice/box
  • A clear way to design a DPDP consent notice in a way that minimizes drop offs

It’s a simple checkbox - drop-offs are probably minimal

Many companies use a basic, catch-all, “simple” box:

Loan Application

This workaround is a violation of the DPDP Act.

Under DPDP (and even RBI guidelines), a consent notice/box must do five things: 

  • Specify the exact personal data being collected. Data categories must be itemized
  • Specify the exact purpose for which each type of personal data is being used. Purpose need not be itemized as per the final DPDP Rules.
  • Must be presented to the customer in clear and plain language.
  • Give the customer the option to view the request in any language specified under the 8th Schedule of the Constitution of India.
  • Inform the customer how they can withdraw consent and raise a complaint to the Data Protection Board.

The “simple” box above does none of the above.

So many teams use a more granular, DPDP-specific boxlike the one below

This box is a massive over complication for 3 reasons:

A. Multiple unnecessary clicks

  • 3-4 clicks to view details under each purpose
  • 2-5 clicks to give select purposes for consent
  • 2-4 clicks to select specific categories of data under proof of address purpose
  • 1 click to submit

That’s a minimum of 7 clicks that you’ve added in your customer onboarding journey. 

B. Unbundling of PII

The box does not bundle PII into data categories. Instead, it lists out each personal data item per document separately even though DPDP allows data categories.

For customers, this is tedious. They don’t care about your internal fields; they care about whether they’re sharing Aadhaar, PAN or contact details.

C. Lack of local language

The box does not provide an easy way to switch languages. Apart from being a compliance violation, this can also lead to customers who don’t know English dropping off. 

These three issues can lead to user fatigue and drop-offs

How to prevent drop-offs during DPDP consent collection

Here’s an image of a DPDP-compliant collection box that is designed to reduce drop-offs:

A. For most customers, this box collapses DPDP consent to a single click:

  • Pre-select mandatory data: Data that is absolutely necessary for provision of the underlying service is pre-selected.

         If they wish to opt-out, they can simply close your app. Don’t mark everything as mandatory. Reserve this

         for data that is genuinely required to run the core service.

  • Accept All button: A customer who wants to submit all details can give consent in a single click
  • Accept selected button: A customer who only wants to submit the bare minimum data can also give consent in a single click
  • Granular control: Customers who want to think and choose can still select/unselect specific checkboxe

B. The box uses a simple way to communicate data categories

All the data categories used for specific purposes are mentioned together in an instantly visible way.

Instead of forcing users to select name, address, DOB separately, this notice shows them that they are consenting to ‘Aadhaar data’ or ‘KYC documents’ being used for specific purposes.

C. Prominent language selection: 

Customers are more likely to understand and complete consent requests in their preferred language. DPDP mandates 22 languages.

The box above has a prominent language selector - reducing ch

We baked these principles into our own consent notice/box:

With Consentin, you can deploy a 1-click consent collect notice/box across your customer journeys in less than 2 weeks.

Our Consent Collect Box follows the 3 principles we discussed above - few clicks, itemized data categories and easy language selection.

Once you're collecting consent properly, you need to store it, honor it, and prove compliance.

Consentin handles this:

  1. Store consent as legally valid DPDP artefacts
  2. Built-in privacy center for customers to manage their preferences
  3. Consent look-up API so your systems check consent before processing data

The entire consent flow - from collection to look-up can be integrated in your customer journeys in less than 2 weeks.

You can try Consentin for free

Implement Consentin for free

Try Here

Related Articles

Legal Explainers

Cookie Consent: Does the DPDP Act Apply to Cookies?

Blog avatar image

Anahad Narain

Legal Explainers

What are the top 10 key obligations under the DPDP Rules 2025

Blog avatar image

Avisha Khatri

Legal Explainers

Final DPDP Rules 2025: Key Changes, Obligations & Implementation Guide

Blog avatar image

Amala Maria George

Consentin Logo
Plot No. 444, Udyog Vihar Phase 3, Gurugram,
Haryana, 122008
For enquiries - enquiry@consent.in
For support - support@consent.in
About
Who are we?Contact UsCareersPrivacy centerCookie preferenceT&C
Products
Consent ManagementData Life Cycle ManagementCompliance & PrivacyThird Party Risk Management
Compliance Handbooks
Data Retention GuideCompliance ChecklistData Mapping GuideData Compliance GuideData Retention Guide
Industry Solutions
BFSIEcommerceTelemarketing
Resources
Consent FAQProduct FAQDPDP FAQBlogs
Quick links
Whats DPDP Act in IndiaGDPR vs DPDPDPDP draft rulesWhat is Cookie ConsentExemptions in DPDP ActPenalties in DPDP Act
Other Leegality Products
Document InfrastructureAadhaar eSigneSignDigital StampingNeSLElectronic Bank GuarenteesDeal Collaboration
2025 Copyright consent.in

Compliance Deadline:

0 weeks away