1. Data mapping & discovery
Inventory of personal data you collect, process and store.
Data-flow map across systems, apps and vendors.
Identified Indian identifiers (Aadhaar, PAN, UPI) and where they sit.
2. Notice & consent
Plain-language privacy notice at every collection point.
Consent that is free, specific, informed and revocable.
A consent record you can produce as evidence.
3. Data-principal rights (DSAR)
A channel for access, correction and erasure requests.
Defined SLAs and an audit trail for each request.
A published grievance-redressal contact.
4. Security safeguards
Access control, encryption and logging on personal data.
Defined retention & deletion schedules.
5. Breach response
A breach-response plan with roles and timelines.
Templates to notify the Data Protection Board and affected individuals.
6. Vendors, governance & evidence
A processor register with contracts and safeguards.
Accountability (DPO / owner) and periodic review.
An evidence trail that makes an audit boring.
Niyam operationalises this entire checklist - discovery, consent, DSAR, breach tracking, vendor governance and evidence - with DPO support when you want it. Get your posture assessed for free →
This checklist is a plain-English aid, not legal advice. Confirm obligations for your organisation with a qualified advisor.