DPDP Act 2023 · plain-English guide

Does DPDP apply to you?

India's Digital Personal Data Protection Act is now law, its Rules are notified, and the Data Protection Board is active — with penalties up to ₹250 crore. Answer a few quick questions to find out if you're in scope.

2-minute check No sign-up

The 2-minute DPDP check

Toggle Yes / No. Your result updates instantly.

Do you collect contact details (name, email, phone) through forms, apps or websites?
Do you use tracking, analytics or advertising tools (cookies, pixels, CRMs)?
Do you collect government IDs (PAN, Aadhaar) or KYC documents?
Do you send marketing communications over email, SMS or WhatsApp?
Do you employ staff or contractors in India?
0 of 5 answered
The basics

Who the law speaks to.

DPDP governs any “digital personal data” of individuals in India. Two roles matter most.

Data Fiduciary

The organisation that decides why and how personal data is processed — that's most likely you. Fiduciaries carry the core obligations: notice, consent, security, breach reporting and honouring data-principal rights.

Data Processor

A vendor that processes data on a fiduciary's behalf (e.g. your cloud, CRM or payroll provider). You remain accountable for them — which is why vendor governance is part of DPDP readiness.

What you must operationalise

Four things DPDP asks of every fiduciary.

Notice

Tell people, in clear language, what data you collect, why, and how they can exercise their rights — before or at the point of collection.

Consent

Where consent is your basis, it must be free, specific, informed and revocable — with a way to prove it and to let people withdraw as easily as they gave it.

Rights

Individuals can access, correct, and erase their data, and nominate someone to act for them. You must acknowledge, fulfil and evidence each request on time.

Security & breach

Apply reasonable safeguards, and if a breach occurs, notify the Data Protection Board and affected individuals within the required window. The clock is short.

₹250 cr
Maximum penalty per instance
₹200 cr
For failure to prevent a breach
Active
Data Protection Board is live
Now
Rules notified & enforceable

This guide is a plain-English summary for orientation, not legal advice. For obligations specific to your organisation, talk to our compliance team.

How Niyam helps

From “are we in scope?” to “we're compliant.”

Niyam turns the DPDP checklist into a running system — discovery, consent, rights, breach tracking and evidence — with expert DPO support when you want it.

  • Discover Aadhaar, PAN & 20+ Indian PII patterns
  • Consent manager, DSAR portal & 72h breach clock
  • DPO-as-a-service & one-click audit packs
Get my free DPDP gap analysis
DPDP Readiness
93%
DPDP posture
53
Controls
0
Overdue
Consent notices publishedDone
DSAR SLA compliance100%
Breach playbook armedLive

Don't guess your DPDP exposure. Measure it.

Get a free, confidential gap analysis and a prioritised plan to become DPDP-ready.