India's Digital Personal Data Protection Act is now law, its Rules are notified, and the Data Protection Board is active — with penalties up to ₹250 crore. Answer a few quick questions to find out if you're in scope.
Toggle Yes / No. Your result updates instantly.
DPDP governs any “digital personal data” of individuals in India. Two roles matter most.
The organisation that decides why and how personal data is processed — that's most likely you. Fiduciaries carry the core obligations: notice, consent, security, breach reporting and honouring data-principal rights.
A vendor that processes data on a fiduciary's behalf (e.g. your cloud, CRM or payroll provider). You remain accountable for them — which is why vendor governance is part of DPDP readiness.
Tell people, in clear language, what data you collect, why, and how they can exercise their rights — before or at the point of collection.
Where consent is your basis, it must be free, specific, informed and revocable — with a way to prove it and to let people withdraw as easily as they gave it.
Individuals can access, correct, and erase their data, and nominate someone to act for them. You must acknowledge, fulfil and evidence each request on time.
Apply reasonable safeguards, and if a breach occurs, notify the Data Protection Board and affected individuals within the required window. The clock is short.
This guide is a plain-English summary for orientation, not legal advice. For obligations specific to your organisation, talk to our compliance team.
Niyam turns the DPDP checklist into a running system — discovery, consent, rights, breach tracking and evidence — with expert DPO support when you want it.
Get a free, confidential gap analysis and a prioritised plan to become DPDP-ready.