Summary: This article is the second part of a two-part series, examining the implications of India’s Digital Personal Data Protection Rules, 2025, on internal investigations conducted by organisations and their legal counsel. While Part I addressed the foundational framework and the applicability of exemptions under the DPDP Act, particularly Section 17(1)(c); Part II focuses on the practical compliance obligations that Data Fiduciaries must navigate during internal investigations, including security requirements, breach notification protocols, data retention and erasure mandates, and cross-border transfer complexities.Continue Reading Implications Of The Digital Personal Data Protection Rules, 2025:  Stoking Internal Investigations – Part II